CVE-2026-26131: CVE-2026-26131: Local Elevation of Privilege via Incorrect Default Permissions in .NET 10.0
CVSS Score: 7.8 Published: 2026-03-11 Full Report: https://cvereports.com/reports/CVE-2026-26131
CVE-2026-26131 is a critical Elevation of Privilege (EoP) vulnerability affecting Microsoft .NET 10.0 on Linux platforms. It is caused by incorrect default permissions applied during the build process, rendering core runtime components world-writable and susceptible to local binary planting and privilege escalation.
A flaw in the .NET 10.0 packaging pipeline results in world-writable runtime binaries on Linux, allowing local users to achieve privilege escalation by overwriting core files executed by high-privileged processes.
- Vulnerability Type: Incorrect Default Permissions
- CWE ID: CWE-276
- CVSS v3.1 Score: 7.8
- Attack Vector: Local
- EPSS Score: 0.00042 (12.50%)
- CISA KEV: Not Listed
- Exploit Status: Unproven/Theoretical via known vectors
- Microsoft .NET 10.0 on Linux (x64, ARM, ARM64)
- Microsoft .NET: 10.0.0 - 10.0.3 (Fixed in:
10.0.4)
- Update Microsoft .NET SDK and Runtime to version 10.0.4.
- Re-publish all Self-Contained Deployments (SCD) built with affected SDK versions using the patched 10.0.4 SDK.
- Audit filesystem permissions in the /usr/share/dotnet/ directory to ensure no world-writable files exist.
Remediation Steps:
- Identify all systems running .NET 10.0.0 through 10.0.3 using asset management or package management queries.
- Deploy the updated packages for .NET 10.0.4 using system package managers (e.g., apt, dnf, yum).
- For systems that cannot be immediately updated, execute 'chmod -R o-w /usr/share/dotnet/' to manually revoke world-writable permissions.
- Identify self-contained applications in the environment and mandate recompilation using the 10.0.4 SDK.
Generated by CVEReports - Automated Vulnerability Intelligence