VDB

CVE-2026-45491

CVE-2026-45491 PUBLISHED CVSS 6.2 MEDIUM

Reported by microsoft · Published June 9, 2026

Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally.

Risk Scores

CVSS v3.1
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C

Affected Products

VendorProductVersions
Microsoft.NET 10.010.0.0
Microsoft.NET 8.08.0
Microsoft.NET 8.08.0.0
Microsoft.NET 9.09.0.0
alpinedotnet9-runtime0, 0, 0
Microsoft.NET 9.09.0.0, 9.0.0
Microsoft.NET 8.08.0, 8.0.0, 8.0
microsoft.net10.0.0, 8.0, 8.0.0
alpinedotnet10-runtime0, 0, 0
Microsoft.NET 10.010.0.0, 10.0.0
alpinedotnet8-runtime0

Timeline

  • Jun 9, 2026 CVE Published
  • Jun 10, 2026 Coalition ESS Score
  • Jun 10, 2026 Security Advisory
  • Jun 10, 2026 CVE Updated
  • Jun 11, 2026 Distribution Patch
  • Jun 11, 2026 Security Advisory
  • Jun 11, 2026 Distribution Patch
  • Jun 11, 2026 Security Advisory
  • Jun 11, 2026 Distribution Patch
  • Jun 11, 2026 Security Advisory
  • Jun 11, 2026 Distribution Patch
  • Jun 11, 2026 Security Advisory

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›