Alerts This Week
Warning Icon 1 1,153
Alerts This Week
Warning Icon 1 1,153

Ubuntu 25.10 Critical .NET Bypass Security Flaw USN-8025-1 CVE-2026-21218

ubuntu
Calendar Grey February 12, 2026
Dist Ubuntu Esm H88
Update your Ubuntu system with critical .NET patches to prevent security bypass and data manipulation issues for dotnet components.
.NET could be made to bypass security features.

Summary

.NET could be made to bypass security features.

Software Description:

- dotnet10: .NET CLI tools and runtime

- dotnet8: .NET CLI tools and runtime

- dotnet9: .NET CLI tools and runtime

Details:

Kevin Jones discovered that the System.Security.Cryptography.Cose component

in .NET did not properly handle certain missing special elements in input

data. An attacker could possibly use this issue to bypass security checks

and gain unauthorized access or perform data manipulation.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  aspnetcore-runtime-10.0         10.0.3-0ubuntu1~25.10.1
  aspnetcore-runtime-8.0          8.0.24-0ubuntu1~25.10.1
  aspnetcore-runtime-9.0          9.0.13-0ubuntu1~25.10.1
  dotnet-host-10.0                10.0.3-0ubuntu1~25.10.1
  dotnet-host-8.0                 8.0.24-0ubuntu1~25.10.1
  dotnet-host-9.0                 9.0.13-0ubuntu1~25.10.1
  dotnet-hostfxr-10.0             10.0.3-0ubuntu1~25.10.1
  dotnet-hostfxr-8.0              8.0.24-0ubuntu1~25.10.1
  dotnet-hostfxr-9.0              9.0.13-0ubuntu1~25.10.1
  dotnet-runtime-10.0             10.0.3-0ubuntu1~25.10.1
  dotnet-runtime-8.0              8.0.24-0ubuntu1~25.10.1
  dotnet-runtime-9.0              9.0.13-0ubuntu1~25.10.1
  dotnet-sdk-10.0                 10.0.103-0ubuntu1~25.10.1
  dotnet-sdk-8.0                  8.0.124-0ubuntu1~25.10.1
  dotnet-sdk-9.0                  9.0.114-0ubuntu1~25.10.1
  dotnet-sdk-aot-10.0             10.0.103-0ubuntu1~25.10.1
  dotnet-sdk-aot-9.0              9.0.114-0ubuntu1~25.10.1
  dotnet10                        10.0.103-10.0.3-0ubuntu1~25.10.1
  dotnet8                         8.0.124-8.0.24-0ubuntu1~25.10.1
  dotnet9                         9.0.114-9.0.13-0ubuntu1~25.10.1

Ubuntu 22.04 LTS
  aspnetcore-runtime-8.0          8.0.24-0ubuntu1~22.04.1
  dotnet-host-8.0                 8.0.24-0ubuntu1~22.04.1
  dotnet-hostfxr-8.0              8.0.24-0ubuntu1~22.04.1
  dotnet-runtime-8.0              8.0.24-0ubuntu1~22.04.1
  dotnet-sdk-8.0                  8.0.124-0ubuntu1~22.04.1
  dotnet8                         8.0.124-8.0.24-0ubuntu1~22.04.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8025-1

CVE-2026-21218

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8025-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here