Bug 2487164 (CVE-2026-45491)

Summary: CVE-2026-45491 dotnet: .NET: Local file tampering via link following vulnerability
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: rhel-process-autobot, watson-tool-maintainers
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in .NET. This vulnerability, related to improper link resolution before file access (also known as 'link following'), allows an unauthorized local attacker to perform unauthorized tampering. This could lead to integrity compromise of local files.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2487589, 2487590, 2487591    
Bug Blocks:    

Description OSIDB Bzimport 2026-06-09 18:05:24 UTC 
Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally.
Comment 2 errata-xmlrpc 2026-06-10 20:08:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:25111 https://access.redhat.com/errata/RHSA-2026:25111
Comment 3 errata-xmlrpc 2026-06-10 20:11:26 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:25112 https://access.redhat.com/errata/RHSA-2026:25112
Comment 4 errata-xmlrpc 2026-06-10 20:36:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:25115 https://access.redhat.com/errata/RHSA-2026:25115
Comment 5 errata-xmlrpc 2026-06-10 20:59:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:25114 https://access.redhat.com/errata/RHSA-2026:25114
Comment 6 errata-xmlrpc 2026-06-10 21:46:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:25110 https://access.redhat.com/errata/RHSA-2026:25110
Comment 7 errata-xmlrpc 2026-06-10 21:47:21 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:25113 https://access.redhat.com/errata/RHSA-2026:25113
Comment 8 errata-xmlrpc 2026-06-11 11:24:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:25220 https://access.redhat.com/errata/RHSA-2026:25220
Comment 9 errata-xmlrpc 2026-06-11 11:24:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:25221 https://access.redhat.com/errata/RHSA-2026:25221
Comment 10 errata-xmlrpc 2026-06-11 11:25:01 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:25222 https://access.redhat.com/errata/RHSA-2026:25222