CVE-2021-26701: .NET Core Remote Code Execution Vulnerability
First published: Thu Feb 25 2021(Updated: )
.NET Core Remote Code Execution Vulnerability
Credit: secure@microsoft.com secure@microsoft.com secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| nuget/System.Text.Encodings.Web | =5.0.0 | 5.0.1 |
| nuget/System.Text.Encodings.Web | >=4.6.0<4.7.2 | 4.7.2 |
| nuget/System.Text.Encodings.Web | >=4.0.0<4.5.1 | 4.5.1 |
| Microsoft .NET | >=5.0<5.0.4 | |
| Microsoft .NET Core | >=2.1<2.1.28 | |
| Microsoft .NET Core | >=3.1<3.1.15 | |
| Microsoft Powershell Core | =7.0 | |
| Microsoft Powershell Core | =7.1 | |
| Microsoft Visual Studio 2019 | >=16.0<=16.9 | |
| Microsoft Visual Studio 2019 Macos | ||
| Fedoraproject Fedora | =32 | |
| Fedoraproject Fedora | =33 | |
| Fedoraproject Fedora | =34 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2021-26701
- https://github.com/dotnet/announcements/issues/178
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S2AZOUKMCHT2WBHR7MYDTYXWOBHZW5P5/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW3ZSJTTMZAFKGW7NJWTVVFZUYYU2SJZ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBOSSX7U6BSHV5RI74FCOW4ITJ5RRJR5/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WA5WQJVHUL5C4XMJTLY3C67R4WP35EF4/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XPUKFHIGP5YNJRRFWKDJ2XRS4WTFJNNK/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YLFATXASXW4OV2ZBSRP4G55HJH73QPBP/
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26701
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2AZOUKMCHT2WBHR7MYDTYXWOBHZW5P5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TW3ZSJTTMZAFKGW7NJWTVVFZUYYU2SJZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBOSSX7U6BSHV5RI74FCOW4ITJ5RRJR5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WA5WQJVHUL5C4XMJTLY3C67R4WP35EF4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XPUKFHIGP5YNJRRFWKDJ2XRS4WTFJNNK/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YLFATXASXW4OV2ZBSRP4G55HJH73QPBP/
- https://github.com/advisories/GHSA-ghhp-997w-qr28 (Advisory)
Frequently Asked Questions
What is CVE-2021-26701?
.NET Core Remote Code Execution Vulnerability that is unique from CVE-2021-24112.
How does CVE-2021-26701 affect Microsoft software?
It affects Microsoft .NET versions 5.0.4 and earlier, Microsoft .NET Core versions 2.1.28 and earlier, Microsoft PowerShell Core versions 7.0 and 7.1, and Microsoft Visual Studio 2019 versions 16.0 to 16.9.
What is the severity of CVE-2021-26701?
It has a severity rating of 9.8 (Critical).
How can I fix CVE-2021-26701?
Apply the necessary security updates provided by Microsoft and follow their recommendations.
Where can I find more information about CVE-2021-26701?
You can find more information about this vulnerability at the following references: [Reference 1](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S2AZOUKMCHT2WBHR7MYDTYXWOBHZW5P5/), [Reference 2](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW3ZSJTTMZAFKGW7NJWTVVFZUYYU2SJZ/), [Reference 3](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBOSSX7U6BSHV5RI74FCOW4ITJ5RRJR5/)
- collector/github-advisory-latest
- alias/GHSA-ghhp-997w-qr28
- alias/CVE-2021-26701
- agent/last-modified-date
- agent/first-publish-date
- agent/type
- agent/references
- agent/author
- agent/remedy
- agent/title
- agent/severity
- collector/github-advisory
- source/GitHub
- agent/software-canonical-lookup
- agent/event
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- collector/nvd-cve
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- package-manager/nuget
- vendor/microsoft
- canonical/microsoft .net
- version/microsoft .net/5.0
- canonical/microsoft .net core
- version/microsoft .net core/2.1
- version/microsoft .net core/3.1
- canonical/microsoft powershell core
- version/microsoft powershell core/7.0
- version/microsoft powershell core/7.1
- canonical/microsoft visual studio 2019
- version/microsoft visual studio 2019/16.0
- version/microsoft visual studio 2019/16.9
- canonical/microsoft visual studio 2019 macos
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/32
- version/fedoraproject fedora/33
- version/fedoraproject fedora/34