Copyright © 2012 Red Hat, Inc. All rights reserved. Important 2026-05-12T16:58:34 dotnet: .NET: improper input validation allows an attacker to elevate privileges locally 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L CWE-20

Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.

A flaw was found in dotnet. Improper input validation and an integer overflow in .NET allow an unauthenticated attacker to elevate privileges locally.

As this flaw allows an unauthenticated attacker to elevate privileges locally, it has been rated with an important severity. This vulnerability affects .NET running on Windows systems. Therefore, Red Hat products are not affected by this issue. Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible. Red Hat Enterprise Linux 10 Not affected dotnet10.0 Red Hat Enterprise Linux 10 Not affected dotnet8.0 Red Hat Enterprise Linux 10 Not affected dotnet9.0 Red Hat Enterprise Linux 8 Not affected dotnet10.0 Red Hat Enterprise Linux 8 Not affected dotnet8.0 Red Hat Enterprise Linux 8 Not affected dotnet9.0 Red Hat Enterprise Linux 9 Not affected dotnet10.0 Red Hat Enterprise Linux 9 Not affected dotnet8.0 Red Hat Enterprise Linux 9 Not affected dotnet9.0 Red Hat Hardened Images Not affected dotnet10.0 Red Hat Hardened Images Not affected dotnet8.0 Red Hat Hardened Images Not affected dotnet9.0 https://www.cve.org/CVERecord?id=CVE-2026-35433 https://nvd.nist.gov/vuln/detail/CVE-2026-35433 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35433