{
  "threat_severity" : "Moderate",
  "public_date" : "2026-06-09T17:04:44Z",
  "bugzilla" : {
    "description" : "dotnet: .NET: Local file tampering via link following vulnerability",
    "id" : "2487164",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2487164"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.2",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-59",
  "details" : [ "Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally.", "A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory() method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issue to create or overwrite files in locations accessible to the extracting process, potentially leading to unauthorized file modification." ],
  "statement" : "This vulnerability affects .NET's TAR archive extraction functionality. Red Hat Product Security has assessed this issue as a Moderate severity vulnerability.\nThe flaw occurs in System.Formats.Tar when processing TAR archives containing symbolic links. During extraction, the TarFile.ExtractToDirectory() method may incorrectly follow symlink paths and write files outside the intended extraction directory.\nSuccessful exploitation requires an application running a vulnerable .NET version to extract a specially crafted TAR archive with TarFile.ExtractToDirectory(). An attacker could use this behavior to create or overwrite files in locations writable by the extracting process, potentially affecting system or application integrity.\nThe vulnerability is a symlink path traversal issue that results in unauthorized file modification outside the designated extraction directory. The primary security impact is integrity compromise through arbitrary file writes.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-06-10T00:00:00Z",
    "advisory" : "RHSA-2026:25111",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.2",
    "package" : "dotnet8.0-0:8.0.128-1.el10_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-06-10T00:00:00Z",
    "advisory" : "RHSA-2026:25112",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.2",
    "package" : "dotnet9.0-0:9.0.118-1.el10_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-06-10T00:00:00Z",
    "advisory" : "RHSA-2026:25115",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.2",
    "package" : "dotnet10.0-0:10.0.109-1.el10_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support",
    "release_date" : "2026-06-22T00:00:00Z",
    "advisory" : "RHSA-2026:28007",
    "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0",
    "package" : "dotnet8.0-0:8.0.128-1.el10_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support",
    "release_date" : "2026-06-22T00:00:00Z",
    "advisory" : "RHSA-2026:28009",
    "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0",
    "package" : "dotnet9.0-0:9.0.118-1.el10_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-06-10T00:00:00Z",
    "advisory" : "RHSA-2026:25110",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "dotnet8.0-0:8.0.128-1.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-06-10T00:00:00Z",
    "advisory" : "RHSA-2026:25113",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "dotnet9.0-0:9.0.118-1.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-06-10T00:00:00Z",
    "advisory" : "RHSA-2026:25114",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "dotnet10.0-0:10.0.109-1.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-06-11T00:00:00Z",
    "advisory" : "RHSA-2026:25220",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "dotnet8.0-0:8.0.128-1.el9_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-06-11T00:00:00Z",
    "advisory" : "RHSA-2026:25221",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "dotnet9.0-0:9.0.118-1.el9_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-06-11T00:00:00Z",
    "advisory" : "RHSA-2026:25222",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "dotnet10.0-0:10.0.109-1.el9_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions",
    "release_date" : "2026-06-23T00:00:00Z",
    "advisory" : "RHSA-2026:28227",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.4",
    "package" : "dotnet8.0-0:8.0.128-1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-06-22T00:00:00Z",
    "advisory" : "RHSA-2026:28011",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "dotnet8.0-0:8.0.128-1.el9_6"
  }, {
    "product_name" : "Red Hat Hardened Images",
    "release_date" : "2026-05-14T00:00:00Z",
    "advisory" : "RHSA-2026:17527",
    "cpe" : "cpe:/a:redhat:hummingbird:1",
    "package" : "dotnet9-0-main-9.0.117-1.hum1"
  }, {
    "product_name" : "Red Hat Hardened Images",
    "release_date" : "2026-06-17T00:00:00Z",
    "advisory" : "RHSA-2026:26638",
    "cpe" : "cpe:/a:redhat:hummingbird:1",
    "package" : "dotnet10-0-main-10.0.109-1.hum1"
  }, {
    "product_name" : "Red Hat Hardened Images",
    "release_date" : "2026-06-18T00:00:00Z",
    "advisory" : "RHSA-2026:26994",
    "cpe" : "cpe:/a:redhat:hummingbird:1",
    "package" : "dotnet8-0-main-8.0.128-1.hum1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-45491\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-45491\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45491" ],
  "name" : "CVE-2026-45491",
  "mitigation" : {
    "value" : "Red Hat is not aware of a practical temporary workaround that fully mitigates this issue or meets Red Hat Product Security's standards for usability, deployment, applicability, or stability. Customers are advised to apply the relevant security updates for their product as they become available; the fixed package versions released so far are listed per product under affected_release.",
    "lang" : "en:us"
  },
  "csaw" : false
}