Copyright © 2012 Red Hat, Inc. All rights reserved. Important 2026-06-09T17:04:43 dotnet: .NET SDK workload elevate: arbitrary file creation/truncation via LogFile named pipe. 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CWE-266

Improper authorization in .NET allows an authorized attacker to elevate privileges locally.

A flaw was found in the .NET SDK dotnet.exe workload command on Windows. Insufficient access controls on a named pipe could allow a local attacker to perform arbitrary file creation or truncation operations with the privileges of another local user. This issue may lead to privilege escalation and unauthorized access, modification, or destruction of data belonging to the targeted user.

Red Hat products are not affected by this vulnerability. The issue is specific to the .NET SDK workload management functionality on Microsoft Windows systems and does not impact Red Hat supported platforms. Red Hat Enterprise Linux 10 Not affected dotnet10.0 Red Hat Enterprise Linux 10 Not affected dotnet8.0 Red Hat Enterprise Linux 10 Not affected dotnet9.0 Red Hat Enterprise Linux 8 Not affected dotnet10.0 Red Hat Enterprise Linux 8 Not affected dotnet8.0 Red Hat Enterprise Linux 8 Not affected dotnet9.0 Red Hat Enterprise Linux 9 Not affected dotnet10.0 Red Hat Enterprise Linux 9 Not affected dotnet8.0 Red Hat Enterprise Linux 9 Not affected dotnet9.0 Red Hat Hardened Images Not affected dotnet10.0 Red Hat Hardened Images Not affected dotnet8.0 Red Hat Hardened Images Not affected dotnet9.0 https://www.cve.org/CVERecord?id=CVE-2026-45490 https://nvd.nist.gov/vuln/detail/CVE-2026-45490 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45490