Jun 2026: .NET SDK Elevation of Privilege Vulnerability
CVE-2026-45490 Published on June 9, 2026

.NET SDK Elevation of Privilege Vulnerability
Improper authorization in .NET allows an authorized attacker to elevate privileges locally.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2026-45490 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Types

What is an AuthZ Vulnerability?

The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CVE-2026-45490 has been classified to as an AuthZ vulnerability or weakness.

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.


Products Associated with CVE-2026-45490

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2026-45490 are published in these products:

 
 
 

Affected Versions

Microsoft .NET 10.0: Microsoft .NET 8.0: Microsoft .NET 9.0: Red Hat Enterprise Linux 10: Red Hat Enterprise Linux 10: Red Hat Enterprise Linux 10: Red Hat Enterprise Linux 8: Red Hat Enterprise Linux 8: Red Hat Enterprise Linux 8: Red Hat Enterprise Linux 9: Red Hat Enterprise Linux 9: Red Hat Enterprise Linux 9: Red Hat Hardened Images: Red Hat Hardened Images: Red Hat Hardened Images:

Exploit Probability

EPSS
0.21%
Percentile
11.57%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.