Cyber Posture

CVE-2026-26131

High

Published: 10 March 2026
Modified: 01 April 2026
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (6.1th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-26131 is a high-severity Incorrect Default Permissions (CWE-276) vulnerability in Microsoft .NET. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 6.1th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068).

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly remediates the incorrect default permissions flaw in .NET through timely identification, testing, and deployment of vendor patches.

Prevent: Ensures .NET components are configured with secure baseline settings, including correct file permissions, to block unauthorized privilege escalation.

Prevent: Enforces least privilege for local accounts, limiting the scope and impact of privilege escalation exploits in .NET.

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

The CVE describes local privilege escalation via exploitation of incorrect default permissions (CWE-276) in .NET, directly matching T1068 Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally.

Deeper analysis

CVE-2026-26131 involves incorrect default permissions in .NET, enabling an authorized attacker to elevate privileges locally. This vulnerability, associated with CWE-276, affects .NET components and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). It was published on 2026-03-10.

A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction. Successful exploitation allows privilege escalation, resulting in high impacts to confidentiality, integrity, and availability.

Microsoft's update guide provides details on mitigation for CVE-2026-26131 at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26131.

Details

CWE(s)

CWE-276 (Incorrect Default Permissions)

Affected Products

microsoft .net: 10.0.0 — 10.0.4

CVEs Like This One

CVE-2025-21173 (Same product: Linux Linux Kernel)
CVE-2026-31743 (Same product: Linux Linux Kernel)
CVE-2026-23099 (Same product: Linux Linux Kernel)
CVE-2024-58055 (Same product: Linux Linux Kernel)
CVE-2025-21735 (Same product: Linux Linux Kernel)
CVE-2026-23221 (Same product: Linux Linux Kernel)
CVE-2025-21763 (Same product: Linux Linux Kernel)
CVE-2025-21631 (Same product: Linux Linux Kernel)
CVE-2026-31453 (Same product: Linux Linux Kernel)
CVE-2026-23411 (Same product: Linux Linux Kernel)
