BIT-dotnet-2025-26646

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/dotnet/BIT-dotnet-2025-26646.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-dotnet-2025-26646

Aliases

BIT-dotnet-sdk-2025-26646
CVE-2025-26646
GHSA-h4j7-5rxr-p4wc

Published

2025-07-11T05:41:32.524Z

Modified

2025-07-11T06:26:56.721070Z

Summary

.NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability

Details

External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.

Database specific

{
    "severity": "High",
    "cpes": [
        "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*"
    ]
}

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26646
https://nvd.nist.gov/vuln/detail/CVE-2025-26646

Affected packages

Bitnami / dotnet

Package

Name: dotnet
Purl: pkg:bitnami/dotnet

Severity

8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

8.0.0

Fixed

8.0.16

Introduced

9.0.0

Fixed

9.0.5