CVE-2026-35433
Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.
CVSS
7.3
Alto
EPSS
0.7%
p48
KEV
—
Exploit Today
14
0-100
Publicado: 12 may 2026 · Última mod.: 15 jul 2026 · CWE-20 · CWE-190
0.7%EPSS · 30 días0.7%
2026-06-302026-07-17
Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.
- msrc.microsoft.comhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35433
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2026-35433
- bugzilla.redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2476577
- security.access.redhat.comhttps://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-35433.json
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-341978.8 ALT99.9%
KEV—80Apache ActiveMQ Improper Input Validation Vulnerability3dCVE-2026-125699.8 CRÍ66.0%
KEV—70PTC Windchill and FlexPLM Improper Input Validation Vulnerability17dCVE-2025-607877.2 ALT97.0%
——29MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted.13dCVE-2020-292387.5 ALT96.6%
——29An integer buffer overflow in the Nginx webserver of ExpressVPN Router version 1 allows remote attackers to obtain sensitive information when the server running as reverse proxy via specially crafted request.9dCVE-2017-149197.5 ALT94.3%
——28Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter.3dCVE-2026-482849.6 CRÍ94.1%
——28ColdFusion is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.2d