CVE-2026-50526
Awaiting Analysis
Awaiting Analysis - Queue
BaseFortify
Vulnerability report for CVE-2026-50526, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-14
Last updated on: 2026-07-14
Assigner: Microsoft Corporation
Description
Description
Improper link resolution before file access ('link following') in .NET allows an authorized attacker to perform tampering locally.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | .net | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-345 | The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. |
| CWE-59 | The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. |