GHSA-8x9c-mqxv-q2pp: Microsoft Security Advisory CVE-2026-35433 – .NET Elevation of Privilege Vulnerability
Executive Summary:
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.
Announcement
Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/398
CVSS Details
- Version: 3.1
- Severity: High
- Score: 7.3
- Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
- Weakness: CWE-122: Heap-based Buffer Overflow, CWE-20: Improper Input Validation
Affected Platforms
- Platforms: Windows
- Architectures: All
<a name="affected-packages"></a>Affected Packages
The vulnerability affects any Microsoft .NET project if it uses any of affected package versions listed below
<a name=".NET 10"></a>.NET 10
Package name | Affected version | Patched version
------------ | ---------------- | -------------------------
Microsoft.WindowsDesktop.App.Runtime.win-arm64 | >= 10.0.0, <= 10.0.7 | 10.0.8
Microsoft.WindowsDesktop.App.Runtime.win-x64 | >= 10.0.0, <= 10.0.7 | 10.0.8
Microsoft.WindowsDesktop.App.Runtime.win-x86 | >= 10.0.0, <= 10.0.7 | 10.0.8
<a name=".NET 9"></a>.NET 9
Package name | Affected version | Patched version
------------ | ---------------- | -------------------------
Microsoft.WindowsDesktop.App.Runtime.win-arm64 | >= 9.0.0, <= 9.0.15 | 9.0.16
MMicrosoft.WindowsDesktop.App.Runtime.win-x64 | >= 9.0.0, <= 9.0.15 | 9.0.16
Microsoft.WindowsDesktop.App.Runtime.win-x86 | >= 9.0.0, <= 9.0.15 | 9.0.16
<a name=".NET 8"></a>.NET 8
Package name | Affected version | Patched version
------------ | ---------------- | -------------------------
Microsoft.WindowsDesktop.App.Runtime.win-arm64 | >= 8.0.0, <= 8.0.26 | 8.0.27
MMicrosoft.WindowsDesktop.App.Runtime.win-x64 | >= 8.0.0, <= 8.0.26 | 8.0.27
Microsoft.WindowsDesktop.App.Runtime.win-x86 | >= 8.0.0,
Details
Original advisory: https://github.com/advisories/GHSA-8x9c-mqxv-q2pp
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-354330.66% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 47% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-35433 | coverage & exploitation status | NVD · CVE.org |
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- unknownMultiple vulnerabilities in Tenable Identity Exposure (June 24, 2026)cert-fr-avis
More from GitHub Security Advisories
- criticalGHSA-g936-7jqj-mwv8: TSDProxy: Internal proxy auth token forwarded to backend services enables management API …2026-07-10
- highGHSA-fpg8-7664-jc5q: melange: Incomplete package integrity verification allows data section substitution2026-07-10
- mediumGHSA-48rx-c7pg-q66r: Excon does not redact additional sensitive/risky headers when following redirects2026-07-10
- highGHSA-h4g2-xfmw-q2c9: Clauster: Non-loopback deployments can serve the dashboard unauthenticated when auth.enab…2026-07-10
- mediumGHSA-rqq5-2gf9-4w4q: Secure Headers: CSP directive injection via sandbox, plugin_types, and report_to when giv…2026-07-10