VDB
RHSA-2026%3A25114
RHSA-2026%3A25114
PUBLISHED
CVSS 6.199999809265137 MEDIUM
A flaw was found in .NET. This vulnerability, related to improper link resolution before file access (also known as 'link following'), allows an unauthorized local attacker to perform unauthorized tampering. This could lead to integrity compromise of local files.
Risk Scores
CVSS 3.1
6.199999809265137
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | dotnet-templates-10.0-0:10.0.109-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8) | 10.0-0 |
| Red Hat | dotnet-sdk-dbg-10.0-0:10.0.109-1.el8_10.s390x as a component of Red Hat Enterprise Linux CRB (v. 8) | 10.0-0 |
| Red Hat | dotnet10.0-debuginfo-0:10.0.109-1.el8_10.s390x as a component of Red Hat Enterprise Linux CRB (v. 8) | 10.0-debuginfo |
| Red Hat | aspnetcore-targeting-pack-10.0-0:10.0.9-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8) | 10.0-0 |
| Red Hat | dotnet-sdk-aot-10.0-0:10.0.109-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8) | 10.0-0 |
| Red Hat | dotnet-host-0:10.0.9-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8) | 10.0.9-1.el8 |
| Red Hat | dotnet-hostfxr-10.0-0:10.0.9-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8) | 10.0-0 |
| Red Hat | dotnet-sdk-aot-10.0-0:10.0.109-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8) | 10.0-0 |
| Red Hat | dotnet-sdk-10.0-debuginfo-0:10.0.109-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8) | 10.0-debuginfo |
| Red Hat | dotnet-hostfxr-10.0-0:10.0.9-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8) | 10.0-0 |
| Red Hat | dotnet-templates-10.0-0:10.0.109-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8) | 10.0-0 |
| Red Hat | dotnet-targeting-pack-10.0-0:10.0.9-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8) | 10.0-0 |
| Red Hat | aspnetcore-runtime-dbg-10.0-0:10.0.9-1.el8_10.s390x as a component of Red Hat Enterprise Linux CRB (v. 8) | 10.0-0 |
| Red Hat | dotnet-0:10.0.109-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8) | 10.0.109-1.el8 |
| Red Hat | dotnet-host-0:10.0.9-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8) | 10.0.9-1.el8 |
| Red Hat | dotnet-runtime-10.0-debuginfo-0:10.0.9-1.el8_10.s390x as a component of Red Hat Enterprise Linux CRB (v. 8) | 10.0-debuginfo |
| Red Hat | dotnet-hostfxr-10.0-debuginfo-0:10.0.9-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8) | 10.0-debuginfo |
| Red Hat | dotnet-sdk-aot-10.0-0:10.0.109-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8) | 10.0-0 |
| Red Hat | dotnet-hostfxr-10.0-0:10.0.9-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8) | 10.0-0 |
| Red Hat | dotnet-runtime-10.0-0:10.0.9-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8) | 10.0-0 |
…and 158 more
Timeline
- Jun 10, 2026 CVE Published
- Jun 11, 2026 CVE Updated
- Jun 11, 2026 Distribution Patch
- Jun 11, 2026 Distribution Patch
- Jun 11, 2026 Security Advisory
- Jun 11, 2026 Security Advisory
- Jun 11, 2026 Security Advisory
- Jun 11, 2026 Security Advisory
- Jun 11, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2026:25114 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2487164 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2487224 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_25114.json advisory
- https://access.redhat.com/security/cve/CVE-2026-45491 advisory
- https://www.cve.org/CVERecord?id=CVE-2026-45491 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-45491 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45491 advisory
- https://access.redhat.com/security/cve/CVE-2026-45591 advisory
- https://www.cve.org/CVERecord?id=CVE-2026-45591 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-45591 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45591 advisory