CVE-2026-35433

high Microsoft
CVSS v3 Base Score
7.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
EPSS Score
0.7%
Exploitation probability in 30 days
Top 53% most likely to be exploited
Attack Characteristics
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Confidentiality
High
Integrity
High
Availability
Low
Published: May 12, 2026 (58 days ago)
Last Modified: June 30, 2026
Vendor: Microsoft
Source: MITRE

Description

Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.

CWE

CWE-20

Affected Products

Microsoft .NET 10.0Microsoft .NET 8.0Microsoft .NET 9.0Microsoft Microsoft .NET Framework 3.5Microsoft Microsoft .NET Framework 3.5 AND 4.7.2Microsoft Microsoft .NET Framework 3.5 AND 4.8Microsoft Microsoft .NET Framework 3.5 AND 4.8.1Microsoft Microsoft .NET Framework 4.8

References