Moole Vulnerability Database

Find real vulnerabilities before they ship

High

CVE-2026-35433

Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.

VectorLOCAL

PublishedMay 12, 2026, 18:17

Published Bysecure@microsoft.com

Base Score

Score7.3

Package (Ecosystem)IntroducedFixedLimit

Microsoft.WindowsDesktop.App.Runtime.win-arm64(NuGet)8.0.08.0.27N/A

Microsoft.WindowsDesktop.App.Runtime.win-x64(NuGet)8.0.08.0.27N/A

Microsoft.WindowsDesktop.App.Runtime.win-x86(NuGet)8.0.08.0.27N/A

Microsoft.WindowsDesktop.App.Runtime.win-x86(NuGet)9.0.09.0.16N/A

Microsoft.WindowsDesktop.App.Runtime.win-x64(NuGet)9.0.09.0.16N/A

Microsoft.WindowsDesktop.App.Runtime.win-arm64(NuGet)9.0.09.0.16N/A

Microsoft.WindowsDesktop.App.Runtime.win-arm64(NuGet)10.0.010.0.8N/A

Microsoft.WindowsDesktop.App.Runtime.win-x64(NuGet)10.0.010.0.8N/A

Microsoft.WindowsDesktop.App.Runtime.win-x86(NuGet)10.0.010.0.8N/A

CWE-20

Base Score

7.3

Vector String

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

Base SeverityHigh

Version

3.1

Attack Vector (AV)

LOCAL