VYPR
High severity7.3NVD Advisory· Published May 12, 2026· Updated Jun 9, 2026

CVE-2026-35433

CVE-2026-35433

Description

Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
Microsoft.WindowsDesktop.App.Runtime.win-arm64NuGet
>= 8.0.0, < 8.0.278.0.27
Microsoft.WindowsDesktop.App.Runtime.win-x64NuGet
>= 8.0.0, < 8.0.278.0.27
Microsoft.WindowsDesktop.App.Runtime.win-x86NuGet
>= 8.0.0, < 8.0.278.0.27
Microsoft.WindowsDesktop.App.Runtime.win-x86NuGet
>= 9.0.0, < 9.0.169.0.16
Microsoft.WindowsDesktop.App.Runtime.win-x64NuGet
>= 9.0.0, < 9.0.169.0.16
Microsoft.WindowsDesktop.App.Runtime.win-arm64NuGet
>= 9.0.0, < 9.0.169.0.16
Microsoft.WindowsDesktop.App.Runtime.win-arm64NuGet
>= 10.0.0, < 10.0.810.0.8
Microsoft.WindowsDesktop.App.Runtime.win-x64NuGet
>= 10.0.0, < 10.0.810.0.8
Microsoft.WindowsDesktop.App.Runtime.win-x86NuGet
>= 10.0.0, < 10.0.810.0.8

Affected products

4

Patches

Vulnerability mechanics

References

5

News mentions

2