Severity by source
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Local low-priv attacker winning a symlink TOCTOU race (AV:L/AC:H/PR:L); description emphasizes tampering so I:H/A:H, with only limited confidentiality (C:L) since impact is redirected file writes.
Primary rating from Vendor (microsoft).
CVSS VectorVendor: microsoft
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Improper link resolution before file access ('link following') in .NET allows an authorized attacker to perform tampering locally.
AnalysisAI
Local tampering via symbolic-link following in Microsoft .NET (versions 8.0, 9.0, and 10.0) and the bundled toolchain in Visual Studio 2022 (17.12, 17.14) and Visual Studio 2026 (18.7) allows an authorized local attacker to redirect a privileged file operation to an unintended target, corrupting or replacing files outside their normal permissions. Microsoft (the reporter) has released a fix; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to already have a low-privileged authenticated local account (PR:L) on the machine running the affected .NET runtime/SDK or Visual Studio, and the ability to create symbolic/hard links or junctions on the target filesystem (on Windows, symlink creation is privileged by default, which is a meaningful limiter). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H = 7.0) describes a locally exploitable flaw needing an already-authenticated low-privileged user and a hard-to-win race (AC:H), but full high impact to confidentiality, integrity, and availability once won. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A low-privileged user on a shared build server or multi-tenant host pre-plants a symbolic link (or wins a race by swapping a directory for a link) at a path that a higher-privileged .NET or Visual Studio build operation is about to write to, causing that trusted process to overwrite or create a file at an attacker-controlled location. Because the race is timing-sensitive (AC:H) the attacker may need many attempts, but success can corrupt sensitive files or plant content used for later privilege escalation. … |
| Remediation | Patch available per vendor advisory: apply the Microsoft update referenced at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50526, which covers the affected .NET 8.0/9.0/10.0 runtimes and SDKs and the Visual Studio 2022 (17.12, 17.14) and Visual Studio 2026 (18.7) packages - the exact fixed version numbers are enumerated in that advisory and should be pulled from there rather than assumed. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, audit deployments of .NET 8.0, 9.0, and 10.0, and Visual Studio 2022 (versions 17.12, 17.14) and 2026 (version 18.7) to identify affected systems, prioritizing build servers and CI/CD environments. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Infinite loop denial-of-service vulnerability in Microsoft .NET Framework (3.5 through 4.8.1), .NET 8.0, 9.0, and 10.0 a
Denial-of-service condition in Microsoft .NET Framework 8.0, 9.0, and 10.0 allows unauthenticated remote attackers to ex
Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service o
Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.
Local privilege escalation in Microsoft .NET Framework (versions 3.5 through 10.0) and Visual Studio 2017 occurs through
Privilege elevation in ASP.NET Core (bundled with .NET 8.0, 9.0, and 10.0) lets an already-authenticated, low-privileged
Privilege elevation in ASP.NET Core (bundled with .NET 8.0, 9.0, and 10.0) lets an already-authenticated, low-privileged
A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully
Security feature bypass in Microsoft .NET (versions 8.0, 9.0, and 10.0) lets a remote, unauthenticated attacker circumve
Denial of service in Microsoft .NET (versions 8.0, 9.0, and 10.0) allows a remote, unauthenticated attacker to crash or
Denial of service in Microsoft .NET (versions 8.0, 9.0, and 10.0) and the legacy .NET Framework (3.5 through 4.8.1) allo
Denial of service in ASP.NET Core (the web framework shipped with .NET 8.0, 9.0, and 10.0) lets a remote, unauthenticate
Same weakness CWE-59 – Improper Link Resolution Before File Access
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44394