BIT-dotnet-sdk-2025-26646

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/dotnet-sdk/BIT-dotnet-sdk-2025-26646.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-dotnet-sdk-2025-26646

Aliases

BIT-dotnet-2025-26646
CVE-2025-26646
GHSA-h4j7-5rxr-p4wc

Published

2025-07-11T05:41:38.131Z

Modified

2025-07-11T06:41:58.109474Z

Summary

.NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability

Details

External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.

Database specific

{
    "cpes": [
        "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26646
https://nvd.nist.gov/vuln/detail/CVE-2025-26646

Affected packages

Bitnami / dotnet-sdk

Package

Name: dotnet-sdk
Purl: pkg:bitnami/dotnet-sdk

Severity

8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

8.0.0

Fixed

8.0.101

Introduced

9.0.0

Fixed

9.0.100