Improper Link Resolution Vulnerability in .NET by Microsoft
CVE-2026-50526

7HIGH

What is CVE-2026-50526?

An improper link resolution vulnerability in .NET could allow an authorized attacker to undermine the integrity of the system by exploiting file access mechanisms. This situation arises when the system fails to validate links correctly before accessing files, potentially leading to unauthorized file tampering. It is crucial for organizations using affected versions of .NET to implement mitigations and apply necessary patches to safeguard against this type of attack.

Affected Version(s)

.NET 10.0 10.0.0 < 10.0.6

.NET 8.0 8.0.0 < 8.0.29

.NET 9.0 9.0.0 < 9.0.18

References

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.