DEV Community

CVE Reports

Posted on • Originally published at cvereports.com

CVE-2026-26131: Local Elevation of Privilege via Incorrect Default Permissions in .NET 10.0

Vulnerability ID: CVE-2026-26131
CVSS Score: 7.8
Published: 2026-03-11

CVE-2026-26131 is a critical Elevation of Privilege (EoP) vulnerability affecting Microsoft .NET 10.0 on Linux platforms. It is caused by incorrect default permissions applied during the build process, rendering core runtime components world-writable and susceptible to local binary planting and privilege escalation.

TL;DR

A flaw in the .NET 10.0 packaging pipeline results in world-writable runtime binaries on Linux, allowing local users to achieve privilege escalation by overwriting core files executed by high-privileged processes.
Technical Details

  • Vulnerability Type: Incorrect Default Permissions
  • CWE ID: CWE-276
  • CVSS v3.1 Score: 7.8
  • Attack Vector: Local
  • EPSS Score: 0.00042 (12.50%)
  • CISA KEV: Not Listed
  • Exploit Status: Unproven/Theoretical via known vectors

Affected Systems

  • Microsoft .NET 10.0 on Linux (x64, ARM, ARM64)
  • Microsoft .NET: 10.0.0 - 10.0.3 (Fixed in: 10.0.4)

Code Analysis

Related commits:

  • dc639aa: Fix Commit (dotnet/runtime)
  • 68e6a46: Infrastructure Fix
  • a73f1f6: Hardened Image Update
  • bc435f2: Version Bump (10.0.4)

Mitigation Strategies

  • Update Microsoft .NET SDK and Runtime to version 10.0.4.
  • Re-publish all Self-Contained Deployments (SCD) built with affected SDK versions using the patched 10.0.4 SDK.
  • Audit filesystem permissions in the /usr/share/dotnet/ directory to ensure no world-writable files exist.

Remediation Steps:

  1. Identify all systems running .NET 10.0.0 through 10.0.3 using asset management or package management queries.
  2. Deploy the updated packages for .NET 10.0.4 using system package managers (e.g., apt, dnf, yum).
  3. For systems that cannot be immediately updated, execute 'chmod -R o-w /usr/share/dotnet/' to manually revoke world-writable permissions.
  4. Identify self-contained applications in the environment and mandate recompilation using the 10.0.4 SDK.
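The permission audit from the mitigation list and the interim 'chmod o-w' step above, as an added example that is not part of the original report. It finds every regular file or directory under the .NET install root whose "other" write bit is set (the condition the CVE describes), counts them, and strips only that bit from the affected entries. The DOTNET_ROOT variable, the function names and the sample directory tree (which imitates the shared/Microsoft.NETCore.App and host/fxr layout with stub files) are this example's own constructs, not anything the report specifies.

```shell
#!/bin/sh
# Added example (not from the original report): audit a .NET install root for
# world-writable files and directories, then revoke the o+w bit only where it
# is set. DOTNET_ROOT defaults to the path the report names; override it for
# non-standard installs.

DOTNET_ROOT="${DOTNET_ROOT:-/usr/share/dotnet}"

# Print every regular file or directory under $1 whose "other" write bit is set.
# -perm -002 matches any mode that includes o+w (0666, 0777, 1777, ...).
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -002 -print 2>/dev/null
}

# Number of world-writable entries under $1 (0 when the tree is clean).
count_world_writable() {
    find_world_writable "$1" | wc -l | tr -d ' '
}

# Interim fix: strip o+w from the affected entries only, leaving everything
# else untouched (narrower than the blanket 'chmod -R o-w' in the remediation
# steps, and therefore less noisy for file-integrity monitoring).
revoke_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -002 -exec chmod o-w {} + 2>/dev/null
}

# Read-only audit of the real install root; returns 1 when anything is found
# so it can gate a CI or configuration-management check.
audit_dotnet_root() {
    n=$(count_world_writable "$DOTNET_ROOT")
    if [ "$n" -ne 0 ]; then
        echo "FAIL: $n world-writable entries under $DOTNET_ROOT:"
        find_world_writable "$DOTNET_ROOT" | sed 's/^/  /'
        return 1
    fi
    echo "OK: no world-writable entries under $DOTNET_ROOT"
}

# Build a throwaway tree that mimics a broken install (constructed sample data,
# not a real .NET layout) so the functions can be exercised offline.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/shared/Microsoft.NETCore.App/10.0.0" "$root/host/fxr"
    chmod 0755 "$root" "$root/shared" "$root/shared/Microsoft.NETCore.App" \
               "$root/shared/Microsoft.NETCore.App/10.0.0" "$root/host" "$root/host/fxr"
    printf 'stub\n' > "$root/shared/Microsoft.NETCore.App/10.0.0/libcoreclr.so"
    printf 'stub\n' > "$root/host/fxr/libhostfxr.so"
    printf 'stub\n' > "$root/dotnet"
    chmod 0666 "$root/shared/Microsoft.NETCore.App/10.0.0/libcoreclr.so"  # bad: o+w file
    chmod 0777 "$root/host/fxr"                                            # bad: o+w directory
    chmod 0755 "$root/dotnet"                                              # fine
    chmod 0644 "$root/host/fxr/libhostfxr.so"                              # fine
    printf '%s\n' "$root"
}

# Demo on the sample tree (the real root is only touched via audit_dotnet_root).
demo_root=$(make_sample_tree)
echo "before: $(count_world_writable "$demo_root") world-writable entries"
find_world_writable "$demo_root" | sed 's/^/  /'
revoke_world_writable "$demo_root"
echo "after:  $(count_world_writable "$demo_root") world-writable entries"
rm -rf "$demo_root"
```

On a live host, run 'audit_dotnet_root' first and only call 'revoke_world_writable "$DOTNET_ROOT"' after the listing has been reviewed; a world-writable directory matters as much as a world-writable file, since either allows a file executed by a privileged process to be replaced, which is why the find expression matches both types.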
