{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-26131", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2026-02-11T16:24:51.132Z", "datePublished": "2026-03-10T17:05:09.057Z", "dateUpdated": "2026-04-14T16:36:13.962Z"}, "containers": {"cna": {"title": ".NET Elevation of Privilege Vulnerability", "datePublic": "2026-03-10T14:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.0", "versionEndExcluding": "10.0.4"}]}]}], "affected": [{"vendor": "Microsoft", "product": ".NET 10.0", "versions": [{"version": "10.0.0", "lessThan": "10.0.4", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-276: Incorrect Default Permissions", "lang": "en-US", "type": "CWE", "cweId": "CWE-276"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-14T16:36:13.962Z"}, "references": [{"name": ".NET Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26131"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-26131", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-11T03:55:27.788157Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T13:08:16.375Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-26131", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-11T03:55:27.788157Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T13:02:09.794Z"}}], "cna": {"title": ".NET Elevation of Privilege Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": ".NET 10.0", "versions": [{"status": "affected", "version": "10.0.0", "lessThan": "10.0.4", "versionType": "custom"}]}], "datePublic": "2026-03-10T14:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26131", "name": ".NET Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-276", "description": "CWE-276: Incorrect Default Permissions"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0.4", "versionStartIncluding": "10.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-14T16:36:13.962Z"}}}, "cveMetadata": {"cveId": "CVE-2026-26131", "state": "PUBLISHED", "dateUpdated": "2026-04-14T16:36:13.962Z", "dateReserved": "2026-02-11T16:24:51.132Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-03-10T17:05:09.057Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F0778BD-8D31-493B-93D5-FD554BB1AA33", "versionEndExcluding": "10.0.4", "versionStartIncluding": "10.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally."}, {"lang": "es", "value": "Permisos predeterminados incorrectos en .NET permiten a un atacante autorizado elevar privilegios localmente."}], "id": "CVE-2026-26131", "lastModified": "2026-04-01T20:23:21.930", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2026-03-10T18:18:42.393", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26131"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "secure@microsoft.com", "type": "Primary"}]}

{"bugzilla": {"description": "dotnet: .NET: Privilege escalation via incorrect default permissions", "id": "2446069", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446069"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-276", "details": ["A flaw was found in .NET. Incorrect default permissions allow an authorized local attacker to exploit this vulnerability. This can lead to local privilege escalation, enabling the attacker to gain higher access rights on the system."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-26131", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "dotnet10.0", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "dotnet8.0", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "dotnet9.0", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "dotnet10.0", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "dotnet8.0", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "dotnet9.0", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "dotnet10.0", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "dotnet6.0", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "dotnet7.0", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "dotnet8.0", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "dotnet9.0", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-10T17:05:09Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-26131\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-26131\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26131"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[10.0.0,10.0.4)"}}], "enrichment": {"confidence": 90.0, "confidence_source": "inferred", "scores": [{"score": 90.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": ".NET 10.0", "source": "cna", "vendor": "Microsoft"}, "product": ".net", "vendor": "microsoft"}], "analysis": {"en": {"generated_at": "2026-04-02T05:05:56.124731+00:00", "value": {"mitigation_remediation": ["Download and install the latest Microsoft .NET 10.0 update that resolves the permission configuration issue.", "Confirm that default permission settings for .NET components are correctly applied after the update.", "If an update is not yet available, configure the application to run with the minimum permissions required for its operation.", "Continuously monitor system logs for attempts to modify permissions or perform actions outside normal user scope."], "summary": {"action": "Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "The vulnerability affects installations of Microsoft .NET 10.0. No sub\u2011version details are supplied, so any .NET 10.0 deployment may be vulnerable. Although the Common Platform Enumeration list mentions Linux kernel, the CVE description does not associate the flaw with Linux products.", "description_and_impact": "Incorrect default permissions in Microsoft .NET 10.0 enable an attacker who already has authorized local access to increase their privileges. The flaw is mapped to CWE\u2011276, Incorrect Access Control. The result is that the attacker can perform actions reserved for higher\u2011privilege users, but the description does not specify broader consequences such as arbitrary code execution.", "risk_and_exploitability": "The CVSS score of 7.8 indicates a high severity level, while the EPSS score of less than 1 percent suggests that exploitation is currently unlikely. The vulnerability is not included in the CISA KEV catalog, implying no widespread coordinated attacks are documented. A local attacker with legitimate access would need to exploit the incorrect permission setting to raise their privileges."}}}}, "created": "2026-03-11T11:45:37.605360+00:00", "updated": "2026-04-02T08:00:23.644521+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$.net"]}