https://vulnerability.circl.lu/sightings/feedMost recent sightings.2026-06-26T06:11:06.532199+00:00Vulnerability-Lookupinfo@circl.lupython-feedgenContains only the most 10 recent sightings.https://vulnerability.circl.lu/sighting/3fd610fc-abf0-4982-baf0-7bf9c13c7195/export3fd610fc-abf0-4982-baf0-7bf9c13c71952026-06-26T06:11:06.554786+00:00Automation userhttps://cve.circl.lu/user/automation{"uuid": "3fd610fc-abf0-4982-baf0-7bf9c13c7195", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45491", "type": "seen", "source": "https://gist.github.com/alon710/6783c7f2ed7c6e138aaba0f21814c8e7", "content": "# CVE-2026-45491: CVE-2026-45491: Directory Traversal via Improper Link Resolution in .NET System.Formats.Tar\n\n> **CVSS Score:** 6.2\n> **Published:** 2026-06-16\n> **Full Report:** https://cvereports.com/reports/CVE-2026-45491\n\n## Summary\nA directory traversal vulnerability exists in the Microsoft .NET System.Formats.Tar library during archive extraction. When extracting a TAR archive using the TarFile.ExtractToDirectory API, the extraction engine improperly resolves symbolic links prior to file creation, allowing local unauthorized attackers to write or overwrite arbitrary files outside the target directory. This can lead to local tampering, privilege escalation, or arbitrary code execution.\n\n## TL;DR\nSystem.Formats.Tar in .NET 8.0, 9.0, and 10.0 fails to validate symbolic link targets during extraction, enabling local directory traversal and arbitrary file writes (Tar Slip).\n\n## Technical Details\n\n- **CWE ID**: CWE-59\n- **Attack Vector**: Local\n- **CVSS Base Score**: 6.2\n- **EPSS Score**: 0.00301 (21.55 percentile)\n- **Impact**: High Integrity Tampering / Privilege Escalation\n- **Exploit Status**: No public weaponized exploit code available\n- **CISA KEV Status**: Not Listed\n\n## Affected Systems\n\n- .NET Core and .NET runtimes on Linux (Ubuntu, RHEL, Rocky, Alma, Amazon Linux, Alpine, Oracle Linux)\n- .NET Core and .NET runtimes on Windows\n- ASP.NET Core applications incorporating archive upload or processing components\n- **.NET 8.0**: >= 8.0.0 to < 8.0.28 (Fixed in: `8.0.28`)\n- **.NET 9.0**: >= 9.0.0 to < 9.0.17 (Fixed in: `9.0.17`)\n- **.NET 10.0**: >= 10.0.0 to < 10.0.9 (Fixed in: `10.0.9`)\n\n## Mitigation\n\n- Upgrade .NET Core and .NET Runtimes to patched versions (8.0.28, 9.0.17, 10.0.9).\n- Sanitize and resolve archive path boundaries manually before calling extraction APIs if upgrading is not immediately possible.\n- Implement strict system privilege boundaries so .NET processes run with the least necessary privileges.\n\n**Remediation Steps:**\n1. Locate all installations of the .NET SDK and Runtime across development environments and production servers.\n2. Apply June 2026 security updates using system package managers or by rebuilding container images with official updated base images.\n3. Scan existing codebases for calls to System.Formats.Tar.TarFile.ExtractToDirectory and ensure they only ingest trusted archives.\n4. Configure File Integrity Monitoring (FIM) to monitor sensitive directories for unexpected write activity.\n\n## References\n\n- [Microsoft Security Advisory](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45491)\n- [CVE Authority Record](https://www.cve.org/CVERecord?id=CVE-2026-45491)\n- [Wiz Security Vulnerability DB Record](https://www.wiz.io/vulnerability-database/cve/cve-2026-45491)\n- [Official .NET Runtime Repository](https://github.com/dotnet/runtime)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-45491) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-16T15:31:48.000000Z"}2026-06-16T15:31:48+00:00https://vulnerability.circl.lu/sighting/cd54a6c0-84f0-43dd-a751-bedb7567f321/exportcd54a6c0-84f0-43dd-a751-bedb7567f3212026-06-26T06:11:06.554703+00:00Automation userhttps://cve.circl.lu/user/automation{"uuid": "cd54a6c0-84f0-43dd-a751-bedb7567f321", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45491", "type": "seen", "source": "https://gist.github.com/alon710/a6c468e4494cbab0d52196d8ff716d7b", "content": "# CVE-2026-45491: CVE-2026-45491: Directory Traversal via Improper Link Resolution in .NET System.Formats.Tar\n\n> **CVSS Score:** 6.2\n> **Published:** 2026-06-16\n> **Full Report:** https://cvereports.com/reports/CVE-2026-45491\n\n## Summary\nA directory traversal vulnerability exists in the Microsoft .NET System.Formats.Tar library during archive extraction. When extracting a TAR archive using the TarFile.ExtractToDirectory API, the extraction engine improperly resolves symbolic links prior to file creation, allowing local unauthorized attackers to write or overwrite arbitrary files outside the target directory. This can lead to local tampering, privilege escalation, or arbitrary code execution.\n\n## TL;DR\nSystem.Formats.Tar in .NET 8.0, 9.0, and 10.0 fails to validate symbolic link targets during extraction, enabling local directory traversal and arbitrary file writes (Tar Slip).\n\n## Technical Details\n\n- **CWE ID**: CWE-59\n- **Attack Vector**: Local\n- **CVSS Base Score**: 6.2\n- **EPSS Score**: 0.00301 (21.55 percentile)\n- **Impact**: High Integrity Tampering / Privilege Escalation\n- **Exploit Status**: No public weaponized exploit code available\n- **CISA KEV Status**: Not Listed\n\n## Affected Systems\n\n- .NET Core and .NET runtimes on Linux (Ubuntu, RHEL, Rocky, Alma, Amazon Linux, Alpine, Oracle Linux)\n- .NET Core and .NET runtimes on Windows\n- ASP.NET Core applications incorporating archive upload or processing components\n- **.NET 8.0**: >= 8.0.0 to < 8.0.28 (Fixed in: `8.0.28`)\n- **.NET 9.0**: >= 9.0.0 to < 9.0.17 (Fixed in: `9.0.17`)\n- **.NET 10.0**: >= 10.0.0 to < 10.0.9 (Fixed in: `10.0.9`)\n\n## Mitigation\n\n- Upgrade .NET Core and .NET Runtimes to patched versions (8.0.28, 9.0.17, 10.0.9).\n- Sanitize and resolve archive path boundaries manually before calling extraction APIs if upgrading is not immediately possible.\n- Implement strict system privilege boundaries so .NET processes run with the least necessary privileges.\n\n**Remediation Steps:**\n1. Locate all installations of the .NET SDK and Runtime across development environments and production servers.\n2. Apply June 2026 security updates using system package managers or by rebuilding container images with official updated base images.\n3. Scan existing codebases for calls to System.Formats.Tar.TarFile.ExtractToDirectory and ensure they only ingest trusted archives.\n4. Configure File Integrity Monitoring (FIM) to monitor sensitive directories for unexpected write activity.\n\n## References\n\n- [Microsoft Security Advisory](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45491)\n- [CVE Authority Record](https://www.cve.org/CVERecord?id=CVE-2026-45491)\n- [Wiz Security Vulnerability DB Record](https://www.wiz.io/vulnerability-database/cve/cve-2026-45491)\n- [Official .NET Runtime Repository](https://github.com/dotnet/runtime)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-45491) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-16T15:41:21.000000Z"}2026-06-16T15:41:21+00:00https://vulnerability.circl.lu/sighting/ad02ff49-f6ca-4040-9fea-5ce742b0353e/exportad02ff49-f6ca-4040-9fea-5ce742b0353e2026-06-26T06:11:06.554634+00:00Automation userhttps://cve.circl.lu/user/automation{"uuid": "ad02ff49-f6ca-4040-9fea-5ce742b0353e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45491", "type": "seen", "source": "https://bsky.app/profile/euvd-bot.bsky.social/post/3mog6ajxxym2y", "content": "\ud83d\udea8 EUVD-2026-35675\n\ud83d\udcca 6.2/10\n\ud83c\udfe2 Microsoft\n\n\ud83d\udcdd Microsoft Security Advisory CVE-2026-45491 \u2013 .NET Tampering Vulnerability\n\n\ud83d\udd17 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-35675\n\n#cybersecurity #infosec #cve #euvd", "creation_timestamp": "2026-06-16T16:01:07.420921Z"}2026-06-16T16:01:07.420921+00:00https://vulnerability.circl.lu/sighting/4b034ddf-e0aa-4be0-bdd0-a4d89dbc5f28/export4b034ddf-e0aa-4be0-bdd0-a4d89dbc5f282026-06-26T06:11:06.554544+00:00Automation userhttps://cve.circl.lu/user/automation{"uuid": "4b034ddf-e0aa-4be0-bdd0-a4d89dbc5f28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45498", "type": "seen", "source": "https://bsky.app/profile/shortinfo.bsky.social/post/3mogmsxghdl2v", "content": "Every Windows machine running Microsoft Defender $MSFT is exposed until the latest Antimalware Platform update is installed. RedSun (CVE-2026-41091) lets any local user become SYSTEM; UnDefend (CVE-2026-45498) silently blocks Defender updates. Both actively exploited. CISA KEV deadline June 3.", "creation_timestamp": "2026-06-16T20:21:58.377278Z"}2026-06-16T20:21:58.377278+00:00https://vulnerability.circl.lu/sighting/ca6b960b-6009-483a-b880-0dbc289a5813/exportca6b960b-6009-483a-b880-0dbc289a58132026-06-26T06:11:06.554471+00:00Automation userhttps://cve.circl.lu/user/automation{"uuid": "ca6b960b-6009-483a-b880-0dbc289a5813", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45498", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3moj45ndbgc2y", "content": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8\u304cUnDefend\u3068RedSun Defender\u306e\u30bc\u30ed\u30c7\u30a4\u8106\u5f31\u6027\u3092\u60aa\u7528\u3057\u305f\u30d1\u30c3\u30c1\u3092\u516c\u958b\n\n\u6700\u521d\u306e\u8106\u5f31\u6027\u306fCVE-2026-41091\uff08CVSS\u30b9\u30b3\u30a27.8\uff09\u3068\u3057\u3066\u8ffd\u8de1\u3055\u308c\u3066\u304a\u308a\u3001\u653b\u6483\u8005\u304c\u30b7\u30b9\u30c6\u30e0\u6a29\u9650\u306b\u6607\u683c\u3067\u304d\u308b\u30ea\u30f3\u30af\u8ffd\u8de1\u306e\u554f\u984c\u3068\u3057\u3066\u8aac\u660e\u3055\u308c\u3066\u3044\u307e\u3059\u3002\n\n\u300cMicrosoft Defender\u3067\u306f\u3001\u30d5\u30a1\u30a4\u30eb\u30a2\u30af\u30bb\u30b9\u524d\u306e\u30ea\u30f3\u30af\u89e3\u6c7a\uff08\u300c\u30ea\u30f3\u30af\u306e\u8ffd\u8de1\u300d\uff09\u304c\u4e0d\u9069\u5207\u3067\u3042\u308b\u305f\u3081\u3001\u6a29\u9650\u306e\u3042\u308b\u653b\u6483\u8005\u304c\u30ed\u30fc\u30ab\u30eb\u3067\u6a29\u9650\u3092\u6607\u683c\u3067\u304d\u308b\u53ef\u80fd\u6027\u304c\u3042\u308b\u300d\u3068\u3001Microsoft\u306f\u7c21\u6f54\u306a\u52e7\u544a\u306e\u4e2d\u3067\u6307\u6458\u3057\u3066\u3044\u308b\u3002\n\n2\u3064\u76ee\u306e\u30d0\u30b0\u306f\u3001CVE-2026-45498\uff08CVSS\u30b9\u30b3\u30a24.0\uff09\u3068\u3057\u3066\u8ffd\u8de1\u3055\u308c\u3066\u304a\u308a\u3001\u30b5\u30fc...", "creation_timestamp": "2026-06-17T20:01:46.883287Z"}2026-06-17T20:01:46.883287+00:00https://vulnerability.circl.lu/sighting/d5de4181-efff-49b6-a6d5-9b5f329d2b17/exportd5de4181-efff-49b6-a6d5-9b5f329d2b172026-06-26T06:11:06.554393+00:00Automation userhttps://cve.circl.lu/user/automation{"uuid": "d5de4181-efff-49b6-a6d5-9b5f329d2b17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45498", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3molmkbqrgk2q", "content": "\u7c73\u5f53\u5c40\u3001\u8106\u5f31\u6027\u60aa\u7528\u78ba\u8a8d\u30ea\u30b9\u30c8\u306b7\u4ef6\u8ffd\u52a0 - IE\u306a\u3069\u65e7\u88fd\u54c1\u95a2\u9023\u3082\n\n\u7c73\u5f53\u5c40\u306f\u3001\u60aa\u7528\u304c\u78ba\u8a8d\u3055\u308c\u3066\u3044\u308b\u8106\u5f31\u60277\u4ef6\u306b\u3064\u3044\u3066\u6ce8\u610f\u559a\u8d77\u3092\u884c\u3063\u305f\u3002\u3053\u306e\u3046\u30612\u4ef6\u306f2026\u5e745\u6708\u306b\u5224\u660e\u3057\u305f\u8106\u5f31\u6027\u3060\u304c\u3001\u306e\u3053\u308b5\u4ef6\u306f2010\u5e74\u4ee5\u524d\u306e\u8106\u5f31\u6027\u3068\u306a\u3063\u3066\u3044\u308b\u3002\n\n\u7c73\u30b5\u30a4\u30d0\u30fc\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5e81\uff08CISA\uff09\u306f\u73fe\u5730\u6642\u95932026\u5e745\u670820\u65e5\u3001\u300c\u60aa\u7528\u304c\u78ba\u8a8d\u3055\u308c\u305f\u8106\u5f31\u6027\u30ab\u30bf\u30ed\u30b0\uff08KEV\uff09\u300d\u3078\u8106\u5f31\u60277\u4ef6\u3092\u767b\u9332\u3002\u7c73\u56fd\u5185\u306e\u884c\u653f\u6a5f\u95a2\u3078\u5bfe\u7b56\u3092\u4fc3\u3059\u3068\u3068\u3082\u306b\u3001\u5e83\u304f\u6ce8\u610f\u3092\u547c\u3073\u304b\u3051\u3066\u3044\u308b\u3002\n\n\u4eca\u56de\u767b\u9332\u3055\u308c\u305f\u8106\u5f31\u6027\u306e\u3046\u3061\u30012026\u5e74\u306b\u5224\u660e\u3057\u305f\u8106\u5f31\u6027\u306f\u300cCVE-2026-41091\u300d\u300cCVE-2026-45498\u300d\u306e2\u4ef6...", "creation_timestamp": "2026-06-18T20:00:27.599062Z"}2026-06-18T20:00:27.599062+00:00https://vulnerability.circl.lu/sighting/84ed46ad-281e-453d-a236-bf070bbb78ca/export84ed46ad-281e-453d-a236-bf070bbb78ca2026-06-26T06:11:06.554301+00:00Automation userhttps://cve.circl.lu/user/automation{"uuid": "84ed46ad-281e-453d-a236-bf070bbb78ca", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45498", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/3479ba21-8f89-4c56-97ce-b6cdebc9b5c7", "content": "", "creation_timestamp": "2026-06-19T12:45:11.920951Z"}2026-06-19T12:45:11.920951+00:00https://vulnerability.circl.lu/sighting/768a2eba-3f44-4117-b3cf-dfce07d15c7c/export768a2eba-3f44-4117-b3cf-dfce07d15c7c2026-06-26T06:11:06.554222+00:00Automation userhttps://cve.circl.lu/user/automation{"uuid": "768a2eba-3f44-4117-b3cf-dfce07d15c7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45495", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3motmmgau2k2j", "content": "\ud83d\udea8 ALERT: CVE-2026-45495\n\nCVSS 8.8/10\n\n\ud83d\udccb WHAT IT IS:\nMicrosoft Edge (Chromium-based) Remote Code Execution Vulnerability\n\n\ud83c\udfaf WHO'S AFFECTED:\n \u2022 Edge Chromium\n\n\u2694\ufe0f HOW IT'S EXPLOITED:\nAttack vector: unknown\nImpact: high impact on confidentiality, integrity, availability\n\n\u2705 WHAT TO DO:\n 1. Identify af", "creation_timestamp": "2026-06-22T00:22:55.279515Z"}2026-06-22T00:22:55.279515+00:00https://vulnerability.circl.lu/sighting/48834e21-f3df-4325-8a42-e0da8b49706e/export48834e21-f3df-4325-8a42-e0da8b49706e2026-06-26T06:11:06.554113+00:00Automation userhttps://cve.circl.lu/user/automation{"uuid": "48834e21-f3df-4325-8a42-e0da8b49706e", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45498", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/c46c47c1-3450-4ced-8bec-e2c77b5d96c9", "content": "", "creation_timestamp": "2026-06-23T14:03:37.862611Z"}2026-06-23T14:03:37.862611+00:00https://vulnerability.circl.lu/sighting/7dc8fd65-3b41-4fc3-bd3d-d794f9dff68d/export7dc8fd65-3b41-4fc3-bd3d-d794f9dff68d2026-06-26T06:11:06.552338+00:00Automation userhttps://cve.circl.lu/user/automation{"uuid": "7dc8fd65-3b41-4fc3-bd3d-d794f9dff68d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45498", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.com/post/3mp2vqbjkh226", "content": "\ud83d\udea8 Alerta: Explotaci\u00f3n activa de vulnerabilidades cr\u00edticas en Microsoft Defender | CVE-2026-4109 | CVE-2026-45498 | www.newstecnicas.com/2026/06/aler...", "creation_timestamp": "2026-06-24T21:54:51.060392Z"}2026-06-24T21:54:51.060392+00:00