{"url":"http://public2.vulnerablecode.io/api/packages/73421?format=json","purl":"pkg:nuget/Microsoft.NETCore.App.Runtime.linux-arm@10.0.0","type":"nuget","namespace":"","name":"Microsoft.NETCore.App.Runtime.linux-arm","version":"10.0.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"10.0.4","latest_non_vulnerable_version":"10.0.4","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/23245?format=json","vulnerability_id":"VCID-5b5e-mtxr-ayek","summary":".NET Elevation of Privilege Vulnerability\nMicrosoft is releasing this security advisory to provide information about a vulnerability in .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n\nAn elevation of privilege vulnerability exists in .NET due to improper authorization. Incorrect packaging permissions could allow an attacker to gain elevated privileges.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26131","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07431","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26131"},{"reference_url":"https://github.com/dotnet/runtime","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/dotnet/runtime"},{"reference_url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26131","reference_id":"CVE-2026-26131","reference_type":"","scores":[],"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26131"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26131","reference_id":"CVE-2026-26131","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26131"},{"reference_url":"https://github.com/advisories/GHSA-crjq-wm6x-6qx7","reference_id":"GHSA-crjq-wm6x-6qx7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-crjq-wm6x-6qx7"},{"reference_url":"https://github.com/dotnet/runtime/security/advisories/GHSA-crjq-wm6x-6qx7","reference_id":"GHSA-crjq-wm6x-6qx7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/dotnet/runtime/security/advisories/GHSA-crjq-wm6x-6qx7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73422?format=json","purl":"pkg:nuget/Microsoft.NETCore.App.Runtime.linux-arm@10.0.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.NETCore.App.Runtime.linux-arm@10.0.4"}],"aliases":["CVE-2026-26131","GHSA-crjq-wm6x-6qx7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5b5e-mtxr-ayek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/23236?format=json","vulnerability_id":"VCID-avv6-ba2c-ayeq","summary":".NET Denial of Service Vulnerability\nMicrosoft is releasing this security advisory to provide information about a vulnerability in .NET 9.0 and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n\nA denial of service vulnerability exists in .NET and Microsoft.Bcl.Memory due to an out-of-bounds read when decoding malformed Base64Url input.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26127","reference_id":"","reference_type":"","scores":[{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27341","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26127"},{"reference_url":"https://github.com/dotnet/runtime","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/dotnet/runtime"},{"reference_url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26127","reference_id":"CVE-2026-26127","reference_type":"","scores":[],"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26127"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26127","reference_id":"CVE-2026-26127","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26127"},{"reference_url":"https://github.com/advisories/GHSA-73j8-2gch-69rq","reference_id":"GHSA-73j8-2gch-69rq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-73j8-2gch-69rq"},{"reference_url":"https://github.com/dotnet/runtime/security/advisories/GHSA-73j8-2gch-69rq","reference_id":"GHSA-73j8-2gch-69rq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/dotnet/runtime/security/advisories/GHSA-73j8-2gch-69rq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73422?format=json","purl":"pkg:nuget/Microsoft.NETCore.App.Runtime.linux-arm@10.0.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.NETCore.App.Runtime.linux-arm@10.0.4"}],"aliases":["CVE-2026-26127","GHSA-73j8-2gch-69rq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-avv6-ba2c-ayeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/23196?format=json","vulnerability_id":"VCID-phat-z1y6-17bh","summary":"Duplicate Advisory: Microsoft Security Advisory CVE-2026-26131 – .NET Elevation of Privilege Vulnerability\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-crjq-wm6x-6qx7. This link is maintained to preserve external references.\n\n### Original Description\n\nIncorrect default permissions in .NET allows an authorized attacker to elevate privileges locally.","references":[{"reference_url":"https://github.com/dotnet/dotnet","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/dotnet/dotnet"},{"reference_url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26131","reference_id":"CVE-2026-26131","reference_type":"","scores":[],"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26131"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26131","reference_id":"CVE-2026-26131","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26131"},{"reference_url":"https://github.com/advisories/GHSA-387c-qmrw-59qv","reference_id":"GHSA-387c-qmrw-59qv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-387c-qmrw-59qv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73422?format=json","purl":"pkg:nuget/Microsoft.NETCore.App.Runtime.linux-arm@10.0.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.NETCore.App.Runtime.linux-arm@10.0.4"}],"aliases":["GHSA-387c-qmrw-59qv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-phat-z1y6-17bh"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.NETCore.App.Runtime.linux-arm@10.0.0"}