Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.
7.8

Windows .NET Allows Unauthorized Local Privilege Escalation

GHSA-387c-qmrw-59qv
Summary

.NET in Windows has a default permission setting that could allow an authorized user to gain more access than they're supposed to on their local computer. This could potentially allow them to make changes they shouldn't be able to make. Update your .NET software to the latest version to fix this issue.

What to do
  • Update microsoft.netcore.app.runtime.linux-arm to version 10.0.4.
  • Update microsoft.netcore.app.runtime.linux-arm64 to version 10.0.4.
  • Update microsoft.netcore.app.runtime.linux-musl-arm to version 10.0.4.
  • Update microsoft.netcore.app.runtime.linux-musl-arm64 to version 10.0.4.
  • Update microsoft.netcore.app.runtime.linux-musl-x64 to version 10.0.4.
  • Update microsoft.netcore.app.runtime.linux-x64 to version 10.0.4.
Affected software
VendorProductAffected versionsFix available
microsoft.netcore.app.runtime.linux-arm > 10.0.0 , <= 10.0.3 10.0.4
microsoft.netcore.app.runtime.linux-arm64 > 10.0.0 , <= 10.0.3 10.0.4
microsoft.netcore.app.runtime.linux-musl-arm > 10.0.0 , <= 10.0.3 10.0.4
microsoft.netcore.app.runtime.linux-musl-arm64 > 10.0.0 , <= 10.0.3 10.0.4
microsoft.netcore.app.runtime.linux-musl-x64 > 10.0.0 , <= 10.0.3 10.0.4
microsoft.netcore.app.runtime.linux-x64 > 10.0.0 , <= 10.0.3 10.0.4
Original title
Duplicate Advisory: Microsoft Security Advisory CVE-2026-26131 – .NET Elevation of Privilege Vulnerability
Original description
### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-crjq-wm6x-6qx7. This link is maintained to preserve external references.

### Original Description

Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally.
ghsa CVSS3.1 7.8
Vulnerability type
CWE-276 Incorrect Default Permissions
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026