CVSS 7.3 HIGH
Vulnerability
CVE-2026-35433: Microsoft Security Advisory CVE-2026-35433 – .NET Elevation of Privilege Vulnerability
Executive Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to updat…
7.3CVSS Score
HIGHSeverity
NOCISA KEV
VulnerabilityImpact Type
📋 Vulnerability Details
| CVE ID | CVE-2026-35433 |
| Vendor | nuget |
| Affected Product | Microsoft.WindowsDesktop.App.Runtime.win-arm64 |
| Vulnerability Type | Vulnerability |
| CVSS Score | 7.3 (HIGH) |
| Actively Exploited | ❌ No known exploitation |
| Patch Status | See Vendor Advisory → |
| Reported By | CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories) |
🔬 Technical Analysis
#
Executive Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.
Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/398
CVSS Details - Version: 3.1
• Severity: High
• Score: 7.3
• Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C - Weakness: CWE-122: Heap-based Buffer Overflow, CWE-20: Improper Input Validation
Affected Platforms - Platforms: Windows
• Architectures: All
Affected Packages
Th
🎯 Known Indicators of Compromise
{"type":"url","value":"https://github.com/dotnet/announcements/issues/398","confidence_score":0.82,"first_seen":"2026-05-18","source_count":1}
⚡ DETECTION RULES AVAILABLE
Get CVE-2026-35433 Detection Pack
Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.
✓ Sigma Rules
✓ YARA Pack
✓ IOC Table
✓ SIEM Queries
🛡️ Get Detection Pack →
🔌 Access via API →