Listen to this Post
The vulnerability stems from incorrect default permissions (CWE-276) within .NET 10.0 on Linux systems. During the packaging process of .NET applications, improper authorization settings are applied to certain resources or directories. This misconfiguration allows a local authenticated attacker to exploit these weak permissions. By leveraging this flaw, the attacker can modify, replace, or inject malicious code into the application’s execution context. Since the affected component runs with elevated privileges, the attacker can achieve privilege escalation, gaining unauthorized access to system resources, sensitive data, and higher-level functions. The attack vector is local, requires low complexity, needs no user interaction, and can compromise confidentiality, integrity, and availability.
dailycve form:
Platform: Linux
Version: .NET 10
Vulnerability: Incorrect default permissions
Severity: High (7.8)
date: March 10, 2026
Prediction: Patch already released
What Undercode Say:
Analytics:
The vulnerability is local, requires low complexity, and affects all architectures. EPSS score not yet available.
Commands:
Check installed .NET versions dotnet --info Update .NET SDK on Linux (example for Ubuntu) sudo apt update sudo apt install dotnet-sdk-10.0 Recompile self-contained applications dotnet publish -c Release -r linux-x64 --self-contained true
Exploit:
The exploit involves modifying files with weak permissions to inject malicious code. No public exploit available.
Protection from this CVE:
Install latest .NET 10.0 update. Update Visual Studio to 17.14.28. Restart apps. Recompile self-contained deployments.
Impact:
Local privilege escalation to root/system access. Full system compromise possible.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

