Critical .NET Vulnerabilities in Ubuntu Affect Multiple Releases

On June 9, 2026, two critical vulnerabilities in .NET were disclosed, affecting Ubuntu versions 26.04 LTS, 25.10, 24.04 LTS, and 22.04 LTS. The vulnerabilities include CVE-2026-45491, which allows unauthorized file tampering, and CVE-2026-45591, which can lead to denial of service through excessive resource consumption. Attackers can exploit these flaws locally, posing a significant risk to systems using .NET CLI tools and runtime. Users are advised to update their systems to the latest package versions to mitigate these vulnerabilities. The vulnerabilities were confirmed by Ubuntu's security team and are part of a broader advisory for .NET users. A standard system update will address the issues.

Key Points: • Two critical vulnerabilities in .NET affect multiple Ubuntu releases. • CVE-2026-45491 allows unauthorized file tampering, while CVE-2026-45591 can cause denial of service. • Users are urged to update their systems to the latest package versions to mitigate risks.