CVE-2026-26131: .NET Elevation of Privilege Vulnerability

March 11, 2026

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

An elevation of privilege vulnerability exists in .NET due to improper authorization. Incorrect packaging permissions could allow an attacker to gain elevated privileges.

References

github.com/advisories/GHSA-crjq-wm6x-6qx7
github.com/dotnet/runtime
github.com/dotnet/runtime/security/advisories/GHSA-crjq-wm6x-6qx7
msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26131
nvd.nist.gov/vuln/detail/CVE-2026-26131

Code Behaviors & Features

Detect and mitigate CVE-2026-26131 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →