CVE-2026-35433

HIGH7.3JSON export Create alert

Description

Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

E

Unchanged

RL

O

RC

Changed

Affected products

Microsoft / Microsoft .NET Framework 3.53.5.0 – 4.8.9334.0 and 4.8.4802.0
Microsoft / Microsoft .NET Framework 3.5 AND 4.7.24.7.0 – 4.8.9334.0 and 4.8.4802.0
Microsoft / Microsoft .NET Framework 3.5 AND 4.84.8.0 – 4.8.9334.0 and 4.8.4802.0
Microsoft / Microsoft .NET Framework 3.5 AND 4.8.14.8.1 – 4.8.9334.0 and 4.8.4802.0
Microsoft / Microsoft .NET Framework 4.84.8.0 – 4.8.9334.0 and 4.8.4802.0
Microsoft / .NET 10.010.0.0 – 10.0.8
Microsoft / .NET 8.08.0.0 – 8.0.27
Microsoft / .NET 9.09.0.0 – 9.0.16

References

VENDOR_ADVISORYhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35433