{"uuid": "51b2fb5c-888a-48f2-bf09-25afae0cc165", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35433", "type": "seen", "source": "https://gist.github.com/alon710/dfd3811f977636ed8980add016a1bc17", "content": "# CVE-2026-35433: Heap-Based Buffer Overflow and Privilege Escalation in .NET Desktop Runtime\n\n> **CVSS Score:** 7.3\n> **Published:** 2026-05-18\n> **Full Report:** https://cvereports.com/reports/CVE-2026-35433\n\n## Summary\nCVE-2026-35433 is a high-severity Elevation of Privilege (EoP) vulnerability affecting the .NET Desktop Runtime. The flaw originates from a heap-based buffer overflow in the Windows Forms and WPF components due to improper input validation and integer overflow during binary data parsing. Successful exploitation allows a local attacker to execute arbitrary code with the privileges of the compromised application.\n\n## TL;DR\nA local attacker can trigger a heap buffer overflow in .NET Desktop Runtime (WinForms/WPF) by supplying malformed resource files or serialized payloads, potentially resulting in code execution and privilege escalation.\n\n## Technical Details\n\n- **Primary CWE**: CWE-122 (Heap-based Buffer Overflow)\n- **Attack Vector**: Local (User Interaction Required)\n- **CVSS v3.1 Score**: 7.3\n- **EPSS Score**: 0.00122 (30.67%)\n- **Impact**: Elevation of Privilege / Arbitrary Code Execution\n- **Exploit Status**: None (No public PoC)\n- **CISA KEV**: Not Listed\n\n## Affected Systems\n\n- Windows Desktop environments running .NET applications\n- Systems executing WinForms applications\n- Systems executing WPF applications\n- **.NET 10.0**: 10.0.0 <= version < 10.0.8 (Fixed in: `10.0.8`)\n- **.NET 9.0**: 9.0.0 <= version < 9.0.16 (Fixed in: `9.0.16`)\n- **.NET 8.0**: 8.0.0 <= version < 8.0.27 (Fixed in: `8.0.27`)\n- **.NET Framework**: 3.5, 4.7.2, 4.8, 4.8.1 (Fixed in: `4.8.9334.0`)\n\n## Mitigation\n\n- Apply vendor-provided patches updating the .NET runtime to secure versions.\n- Restrict the processing of untrusted .resx, .ico, and binary-serialized objects from external sources.\n- Implement strict input validation for any application handling external UI resources.\n\n**Remediation Steps:**\n1. Identify all systems running vulnerable versions of .NET 8.0, 9.0, 10.0, or .NET Framework 3.5 - 4.8.1.\n2. Deploy .NET 10.0.8, 9.0.16, or 8.0.27 to all endpoints and application servers as applicable.\n3. Deploy the May 2026 Cumulative Update for Windows environments running legacy .NET Framework versions.\n4. Restart affected applications and services to ensure the patched runtime libraries are loaded into memory.\n\n## References\n\n- [Microsoft Security Update Guide](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35433)\n- [CVE.org Record](https://www.cve.org/CVERecord?id=CVE-2026-35433)\n- [WPF Dependency Update Commit](https://github.com/dotnet/wpf/commit/09e72ae8c9b1c5410ca8ad45636c52c45a2a7f29)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-35433) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-18T20:10:49.000000Z"}