HIGHCVE-2026-35433Published Modified CNA microsoft
CVE-2026-35433: .NET Elevation of Privilege Vulnerability
Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.
Metrics
- CVSS v3.1
- 7.3
- Severity
- HIGH
- Fixed in
- 4.8.9334.0 and 4.8.4802.0
- Affected Products
- 8
Fix available
4.8.9334.0 and 4.8.4802.08.0.279.0.1610.0.8
Patch commits
Affected packages
- Microsoft / .NET 10.0< 10.0.8 (from 10.0.0)
- Microsoft / .NET 8.0< 8.0.27 (from 8.0.0)
- Microsoft / .NET 9.0< 9.0.16 (from 9.0.0)
- Microsoft / Microsoft .NET Framework 3.5< 4.8.9334.0 and 4.8.4802.0 (from 3.5.0)
- Microsoft / Microsoft .NET Framework 3.5 AND 4.7.2< 4.8.9334.0 and 4.8.4802.0 (from 4.7.0)
- Microsoft / Microsoft .NET Framework 3.5 AND 4.8< 4.8.9334.0 and 4.8.4802.0 (from 4.8.0)
- Microsoft / Microsoft .NET Framework 3.5 AND 4.8.1< 4.8.9334.0 and 4.8.4802.0 (from 4.8.1)
- Microsoft / Microsoft .NET Framework 4.8< 4.8.9334.0 and 4.8.4802.0 (from 4.8.0)
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C