Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally.

The version of tested product installed on the remote host is 8.x prior to 8.0.25, 9.x prior to 9.0.14, or 10.x prior to 10.0.4. It is, therefore, affected by multiple vulnerabilities as referenced in the vendor advisory:

  - Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network. (CVE-2026-26127)

  - Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to     deny service over a network. (CVE-2026-26130)

  - Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally.
    (CVE-2026-26131)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of .NET Core SDK installed on the remote host is 8.x prior to 8.0.125, 8.0.4xx prior to 8.0.419, 9.x prior to 9.0.115, 9.0.3xx prior to 9.312, or 10.x prior to 10.0.104. It is, therefore, affected by multiple vulnerabilities as referenced in the vendor advisory:

  - Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network. (CVE-2026-26127)

  - Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to     deny service over a network. (CVE-2026-26130)

  - Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally.
    (CVE-2026-26131)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version nuber.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally.
    (CVE-2026-26131)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
302122	Security Update for Microsoft .NET Core (March 2026)	Nessus	Windows	high
302121	Security Update for Microsoft .NET Core SDK (March 2026)	Nessus	Windows	high
301849	Linux Distros Unpatched Vulnerability : CVE-2026-26131	Nessus	Misc.	high

Detections

Analytics

CVE-2026-26131

high

Tenable Plugins

high

high

high