NuGet CVE-2026-39399
CRITICALSeverity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
Lifecycle Timeline
4DescriptionGitHub Advisory
NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply a crafted nuspec file with malicious metadata, leading to cross package metadata injection that may result in remote code execution (RCE) and/or arbitrary blob writes due to insufficient input validation. The issue is exploitable via URI fragment injection using unsanitized package identifiers, allowing an attacker to control the resolved blob path. This enables writes to arbitrary blobs within the storage container, not limited to .nupkg files, resulting in potential tampering of existing content. This issue has been patched in commit 0e80f87628349207cdcaf55358491f8a6f1ca276.
AnalysisAI
Cross-package metadata injection in NuGet Gallery backend allows authenticated attackers to achieve remote code execution and arbitrary blob storage writes through crafted .nuspec files. Attackers exploit URI fragment injection via unsanitized package identifiers to control blob paths in the storage container, enabling tampering of existing content beyond .nupkg files. CVSS 9.6 (Critical) with network attack vector, low complexity, and scope change. Vendor-released patch available in commit 0e80f87628349207cdcaf55358491f8a6f1ca276. No public exploit identified at time of analysis.
Technical ContextAI
This vulnerability affects the NuGetGallery backend job responsible for processing NuGet package metadata from .nuspec XML manifest files. The root cause is CWE-20 (Improper Input Validation) in the handling of package identifiers within nuspec files. The backend job fails to sanitize URI fragments in package identifiers before using them to construct blob storage paths. NuGet Gallery uses Azure Blob Storage or similar object storage systems to host package files, and the vulnerable code allows attacker-controlled metadata to break out of intended path boundaries. The scope change (S:C in CVSS) indicates the vulnerability can affect resources beyond the vulnerable component's security scope, consistent with arbitrary blob writes across the storage container. The combination of metadata injection with storage path traversal creates conditions for both data integrity compromise and potential code execution if uploaded content is later processed or served by the gallery infrastructure.
Affected ProductsAI
NuGet Gallery backend job component prior to commit 0e80f87628349207cdcaf55358491f8a6f1ca276. This affects self-hosted NuGetGallery instances and the nuget.org public repository infrastructure. The vulnerability resides in the server-side package processing pipeline that handles .nuspec file parsing and blob storage operations during package upload and indexing workflows. Specific version ranges are not provided in the advisory, but all deployments prior to the patched commit are presumed vulnerable. The issue impacts the backend job subsystem specifically, which operates independently of the web frontend during asynchronous package processing. Vendor advisory available at https://github.com/NuGet/NuGetGallery/security/advisories/GHSA-9r3h-v4hx-rhfr.
RemediationAI
Update NuGetGallery to a version incorporating commit 0e80f87628349207cdcaf55358491f8a6f1ca276 or later. Organizations running self-hosted NuGet Gallery instances should pull the latest code from the official repository and redeploy the backend job component immediately. Review the patch commit at https://github.com/NuGet/NuGetGallery/commit/0e80f87628349207cdcaf55358491f8a6f1ca276 to understand the implemented input validation and sanitization controls. After patching, audit existing blob storage for any anomalous files or modified packages uploaded during the vulnerability window, particularly examining blobs outside normal .nupkg naming conventions. For organizations unable to immediately patch, implement strict access controls limiting package upload privileges to thoroughly vetted accounts, enable detailed logging of all package uploads and blob storage operations, and consider disabling automated backend job processing until remediation is complete. Full advisory and remediation guidance at https://github.com/NuGet/NuGetGallery/security/advisories/GHSA-9r3h-v4hx-rhfr.
Same weakness CWE-20 – Improper Input Validation
View allShare
External POC / Exploit Code
Leaving vuln.today