Ubuntu 24.04 LTS USN-8025-2 .NET Critical Bypass CVE-2026-21218
ubuntu
February 16, 2026
.NET could be made to bypass security features.
Summary
.NET could be made to bypass security features.
Software Description:
- dotnet10: .NET CLI tools and runtime
- dotnet8: .NET CLI tools and runtime
Details:
USN 8025-1 fixed a vulnerability in .NET. This update provides the
corresponding fix for Ubuntu 24.04 LTS.
Original advisory details:
Kevin Jones discovered that the System.Security.Cryptography.Cose
component in .NET did not properly handle certain missing special
elements in input data. An attacker could possibly use this issue to
bypass security checks and gain unauthorized access or perform data
manipulation.
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS aspnetcore-runtime-10.0 10.0.3-0ubuntu1~24.04.1 aspnetcore-runtime-8.0 8.0.24-0ubuntu1~24.04.1 dotnet-host-10.0 10.0.3-0ubuntu1~24.04.1 dotnet-host-8.0 8.0.24-0ubuntu1~24.04.1 dotnet-hostfxr-10.0 10.0.3-0ubuntu1~24.04.1 dotnet-hostfxr-8.0 8.0.24-0ubuntu1~24.04.1 dotnet-runtime-10.0 10.0.3-0ubuntu1~24.04.1 dotnet-runtime-8.0 8.0.24-0ubuntu1~24.04.1 dotnet-sdk-10.0 10.0.103-0ubuntu1~24.04.1 dotnet-sdk-8.0 8.0.124-0ubuntu1~24.04.1 dotnet-sdk-aot-10.0 10.0.103-0ubuntu1~24.04.1 dotnet10 10.0.103-10.0.3-0ubuntu1~24.04.1 dotnet8 8.0.124-8.0.24-0ubuntu1~24.04.1 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-8025-2
https://ubuntu.com/security/notices/USN-8025-1
CVE-2026-21218
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-8025-2
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!