7.8

CVE-2026-45490

Medienbericht

.NET SDK Elevation of Privilege Vulnerability

Improper authorization in .NET allows an authorized attacker to elevate privileges locally.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft.Net Version >= 8.0.0 < 8.0.28
   MicrosoftWindows Version-
Microsoft.Net Version >= 9.0.0 < 9.0.17
   MicrosoftWindows Version-
Microsoft.Net Version >= 10.0.0 < 10.0.9
   MicrosoftWindows Version-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.38% 0.302
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secure@microsoft.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-266 Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
10.06.2026 18:13
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
09.06.2026 20:12
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45490
Vendor Advisory
https://access.redhat.com/security/cve/CVE-2026-45490
https://bugzilla.redhat.com/show_bug.cgi?id=2487184
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-45490.json