HIGH | CVE-2026-45490 | CNA: microsoft

CVE-2026-45490: .NET SDK Elevation of Privilege Vulnerability

Improper authorization in .NET allows an authorized attacker to elevate privileges locally.

Metrics

CVSS v3.1: 7.8
Severity: HIGH
Fixed in: 8.0.28
Affected Products: 3


HarborGuard Analysis

Synopsis

An improper authorization vulnerability in the .NET SDK allows a local attacker with a low-privilege account to elevate their privileges on the affected host. The vulnerability is reachable only with an existing local session and does not require any user interaction. Successful exploitation gives the attacker full read, write, and availability control over resources on the affected system. Patched-image rebuilds at .NET versions 8.0.28, 9.0.17, and 10.0.9 are available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection (Available)

Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images, including custom-built images that bundle an affected .NET SDK version. Any image in a customer registry or CI pipeline that carries .NET 8.0 before 8.0.28, 9.0 before 9.0.17, or 10.0 before 10.0.9 is flagged automatically.

Triage (Available)

HarborGuard scores this CVE at 7.8 HIGH using the CVSS v3.1 vector and weights it against each environment's compliance policy to determine urgency and routing. Findings are surfaced to the appropriate team inbox within each customer organization based on image ownership and policy configuration.

Patch (Available)

A patched-image rebuild at the applicable fix version (8.0.28, 9.0.17, or 10.0.9) becomes available in HarborGuard as soon as the upstream packages are published. For customers who opt into auto-remediation, HarborGuard runs the rebuild, executes a regression test suite against the new image, and opens a pull request against affected workloads.

Exploit Conditions

  • Network reachability: Not required

    The attacker needs an existing shell or process on the host; no network access to the service is required.

  • Authentication: Required

    The attacker must be authenticated to the local system; any low-privilege account is sufficient to attempt exploitation.

  • Victim interaction: Not required

    No action from another user or victim is needed; the attacker can trigger the exploit entirely on their own.

  • Attack complexity: Low

    Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions, special memory layout, or other variable environmental factors.

Blast Radius

  • A successful attacker reads sensitive files and data accessible to higher-privilege processes on the host, including credentials or configuration secrets.
  • The attacker writes or modifies files and system state outside the bounds of their original low-privilege account.
  • The attacker can disrupt or terminate processes and services on the host, causing a denial of service for workloads running on the same system.
  • All three impact dimensions (confidentiality, integrity, and availability) are rated HIGH, meaning the attacker gains effective full control over the affected host context.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-45490 is active across all customer environments, matching images that bundle .NET 8.0 before 8.0.28, .NET 9.0 before 9.0.17, or .NET 10.0 before 10.0.9. For customers who opt into auto-remediation, HarborGuard rebuilds the affected image at the appropriate fix version, runs a regression test pass, and opens a pull request against impacted workloads. For high-severity issues, the median time from CVE publication to a merged patch PR is around 90 minutes in environments with auto-remediation enabled. Where compliance policy requires manual approval, the rebuilt image and a pre-populated remediation ticket are queued for reviewer action. Customers who cannot immediately apply the patched image should consider restricting local shell access to affected hosts through OS-level user controls and auditing any .NET SDK usage inside container images to confirm whether the SDK (as opposed to only the runtime) is present, since the SDK surface is the affected component.
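A triage helper for the last recommendation above (checking whether an image carries the SDK rather than only the runtime, and whether its .NET line is below the fix version), added here as an example and not HarborGuard's own tooling. It assumes the advisory's version numbers are .NET runtime versions as reported by `dotnet --list-runtimes` (an SDK install always includes its runtime); SDK version strings carry a feature band (8.0.4xx) and are therefore not compared directly. The sample listings are constructed.

```python
import re
from typing import Dict, List, Tuple

# Affected ranges stated in this advisory: .NET major.minor line -> first fixed version.
FIXED_VERSION: Dict[str, Tuple[int, int, int]] = {"8.0": (8, 0, 28), "9.0": (9, 0, 17), "10.0": (10, 0, 9)}

# `dotnet --list-sdks` prints "<version> [<path>]"; `dotnet --list-runtimes` prints
# "<framework> <version> [<path>]". A prerelease suffix on the version is ignored here.
SDK_LINE = re.compile(r"^(\d+\.\d+\.\d+)\S*\s+\[.+\]$")
RUNTIME_LINE = re.compile(r"^(\S+)\s+(\d+\.\d+\.\d+)\S*\s+\[.+\]$")

def installed_sdks(list_sdks_output: str) -> List[str]:
    """SDK versions present in `dotnet --list-sdks` output (empty for runtime-only images)."""
    return [m.group(1) for line in list_sdks_output.splitlines() if (m := SDK_LINE.match(line.strip()))]

def affected_runtimes(list_runtimes_output: str) -> List[str]:
    """Microsoft.NETCore.App versions from `dotnet --list-runtimes` that are below the fixed version."""
    hits = []
    for line in list_runtimes_output.splitlines():
        m = RUNTIME_LINE.match(line.strip())
        if not m or m.group(1) != "Microsoft.NETCore.App":
            continue
        major, minor, patch = (int(p) for p in m.group(2).split("."))
        fixed = FIXED_VERSION.get(f"{major}.{minor}")
        if fixed is not None and (major, minor, patch) < fixed:
            hits.append(m.group(2))
    return hits

def assess(list_sdks_output: str, list_runtimes_output: str) -> dict:
    """'rebuild': SDK present on an affected .NET line; 'runtime-only': affected version but no SDK
    (not the surface this advisory covers); 'clean': nothing in an affected range."""
    sdks = installed_sdks(list_sdks_output)
    affected = affected_runtimes(list_runtimes_output)
    verdict = "rebuild" if affected and sdks else "runtime-only" if affected else "clean"
    return {"sdks": sdks, "affected_runtimes": affected, "verdict": verdict}

# Constructed sample listings (not captured from a real host): an SDK image on .NET 8.0.11.
SAMPLE_SDKS = "8.0.404 [/usr/share/dotnet/sdk]\n"
SAMPLE_RUNTIMES = (
    "Microsoft.AspNetCore.App 8.0.11 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]\n"
    "Microsoft.NETCore.App 8.0.11 [/usr/share/dotnet/shared/Microsoft.NETCore.App]\n"
)

if __name__ == "__main__":
    print(assess(SAMPLE_SDKS, SAMPLE_RUNTIMES))
```

Feed it the output of `docker run --rm <image> dotnet --list-sdks` and `... --list-runtimes` for each image under review; a "runtime-only" verdict still means the image is below the fix version and should be tracked, even though the SDK surface is what this advisory covers.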


Fix available: 8.0.28, 9.0.17, 10.0.9

Affected packages
  • Microsoft / .NET 10.0
    < 10.0.9 (from 10.0.0)
  • Microsoft / .NET 8.0
    < 8.0.28 (from 8.0.0)
  • Microsoft / .NET 9.0
    < 9.0.17 (from 9.0.0)
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C