7.8
CVE-2026-45490
- EPSS 0.38%
- Veröffentlicht 09.06.2026 17:17:25
- Zuletzt bearbeitet 30.06.2026 03:20:04
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
.NET SDK Elevation of Privilege Vulnerability
Improper authorization in .NET allows an authorized attacker to elevate privileges locally.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.38% | 0.302 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secure@microsoft.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-266 Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
CWE-285 Improper Authorization
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45490
https://access.redhat.com/security/cve/CVE-2026-45490
https://bugzilla.redhat.com/show_bug.cgi?id=2487184
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-45490.json