Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Ubuntu 24.04 LTS USN-8025-2 .NET Critical Bypass CVE-2026-21218

Calendar Feb 16, 2026 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory unauthorized access security issue critical Ubuntu dotnet
.NET could be made to bypass security features. 
==========================================================================
Ubuntu Security Notice USN-8025-2
February 16, 2026

dotnet8, dotnet10 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

.NET could be made to bypass security features.

Software Description:
- dotnet10: .NET CLI tools and runtime
- dotnet8: .NET CLI tools and runtime

Details:

USN 8025-1 fixed a vulnerability in .NET. This update provides the
corresponding fix for Ubuntu 24.04 LTS.

Original advisory details:

 Kevin Jones discovered that the System.Security.Cryptography.Cose
 component  in .NET did not properly handle certain missing special
 elements in input  data. An attacker could possibly use this issue to
 bypass security checks  and gain unauthorized access or perform data
 manipulation.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  aspnetcore-runtime-10.0         10.0.3-0ubuntu1~24.04.1
  aspnetcore-runtime-8.0          8.0.24-0ubuntu1~24.04.1
  dotnet-host-10.0                10.0.3-0ubuntu1~24.04.1
  dotnet-host-8.0                 8.0.24-0ubuntu1~24.04.1
  dotnet-hostfxr-10.0             10.0.3-0ubuntu1~24.04.1
  dotnet-hostfxr-8.0              8.0.24-0ubuntu1~24.04.1
  dotnet-runtime-10.0             10.0.3-0ubuntu1~24.04.1
  dotnet-runtime-8.0              8.0.24-0ubuntu1~24.04.1
  dotnet-sdk-10.0                 10.0.103-0ubuntu1~24.04.1
  dotnet-sdk-8.0                  8.0.124-0ubuntu1~24.04.1
  dotnet-sdk-aot-10.0             10.0.103-0ubuntu1~24.04.1
  dotnet10                        10.0.103-10.0.3-0ubuntu1~24.04.1
  dotnet8                         8.0.124-8.0.24-0ubuntu1~24.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8025-2
  https://ubuntu.com/security/notices/USN-8025-1
  CVE-2026-21218

Package Information:
  https://launchpad.net/ubuntu/+source/dotnet10/10.0.103-10.0.3-0ubuntu1~24.04.1
  https://launchpad.net/ubuntu/+source/dotnet8/8.0.124-8.0.24-0ubuntu1~24.04.1

Ubuntu 24.04 LTS USN-8025-2 .NET Critical Bypass CVE-2026-21218

ubuntu
Calendar Grey February 16, 2026
Dist Ubuntu Esm H88
This advisory informs about a critical .NET security issue on Ubuntu 24.04 LTS, enabling potential unauthorized access.
.NET could be made to bypass security features.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS Summary: .NET could be made to bypass security features. Software Description: - dotnet10: .NET CLI tools and runtime - dotnet8: .NET CLI tools and runtime Details: USN 8025-1 fixed a vulnerability in .NET. This update provides the corresponding fix for Ubuntu 24.04 LTS. Original advisory details: Kevin Jones discovered that the System.Security.Cryptography.Cose component in .NET did not properly handle certain missing special elements in input data. An attacker could possibly use this issue to bypass security checks and gain unauthorized access or perform data manipulation.

Topics%20covered

Topics Covered

security advisory unauthorized access security issue critical Ubuntu dotnet

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS aspnetcore-runtime-10.0 10.0.3-0ubuntu1~24.04.1 aspnetcore-runtime-8.0 8.0.24-0ubuntu1~24.04.1 dotnet-host-10.0 10.0.3-0ubuntu1~24.04.1 dotnet-host-8.0 8.0.24-0ubuntu1~24.04.1 dotnet-hostfxr-10.0 10.0.3-0ubuntu1~24.04.1 dotnet-hostfxr-8.0 8.0.24-0ubuntu1~24.04.1 dotnet-runtime-10.0 10.0.3-0ubuntu1~24.04.1 dotnet-runtime-8.0 8.0.24-0ubuntu1~24.04.1 dotnet-sdk-10.0 10.0.103-0ubuntu1~24.04.1 dotnet-sdk-8.0 8.0.124-0ubuntu1~24.04.1 dotnet-sdk-aot-10.0 10.0.103-0ubuntu1~24.04.1 dotnet10 10.0.103-10.0.3-0ubuntu1~24.04.1 dotnet8 8.0.124-8.0.24-0ubuntu1~24.04.1 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8025-2

https://ubuntu.com/security/notices/USN-8025-1

CVE-2026-21218

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8025-2

Topics%20covered

Topics Covered

security advisory unauthorized access security issue critical Ubuntu dotnet

Package Information

https://launchpad.net/ubuntu/+source/dotnet10/10.0.103-10.0.3-0ubuntu1~24.04.1 https://launchpad.net/ubuntu/+source/dotnet8/8.0.124-8.0.24-0ubuntu1~24.04.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here