CVE-2026-26131 — Incorrect Default Permissions in Microsoft NET 10.0

CWE-276 — Incorrect Default Permissions10 documents7 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 95.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft NET 10.0 Microsoft NET Microsoft Microsoft.netcore.app.runtime.linux-arm +5 more

Timeline

PublishedMar 10

Latest updateMar 11

Description

Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages8 packages

▶NVDmicrosoft/net10.0.0 — 10.0.4

▶CVEListV5microsoft/net_10.010.0.0 — 10.0.4

▶NuGetmicrosoft/microsoft.netcore.app.runtime.linux-arm10.0.0 — 10.0.4

▶NuGetmicrosoft/microsoft.netcore.app.runtime.linux-x6410.0.0 — 10.0.4

▶NuGetmicrosoft/microsoft.netcore.app.runtime.linux-arm6410.0.0 — 10.0.4

🔴Vulnerability Details

OSV

.NET Elevation of Privilege Vulnerability↗2026-03-11

▶

GHSA

.NET Elevation of Privilege Vulnerability↗2026-03-11

▶

OSV

CVE-2026-26131: Incorrect default permissions in↗2026-03-10

▶

OSV

Duplicate Advisory: Microsoft Security Advisory CVE-2026-26131 – .NET Elevation of Privilege Vulnerability↗2026-03-10

▶

GHSA

Duplicate Advisory: Microsoft Security Advisory CVE-2026-26131 – .NET Elevation of Privilege Vulnerability↗2026-03-10

▶

📋Vendor Advisories

Microsoft

.NET Elevation of Privilege Vulnerability↗2026-03-10

▶

Red Hat

dotnet: .NET: Privilege escalation via incorrect default permissions↗2026-03-10

▶

🕵️Threat Intelligence

Wiz

CVE-2026-26131 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶