{"id":"CVE-2021-26701","details":".NET Core Remote Code Execution Vulnerability","aliases":["BIT-dotnet-2021-26701","BIT-dotnet-sdk-2021-26701","GHSA-ghhp-997w-qr28"],"modified":"2026-03-19T12:42:41.810767Z","published":"2021-02-25T23:15:16.913Z","references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBOSSX7U6BSHV5RI74FCOW4ITJ5RRJR5/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WA5WQJVHUL5C4XMJTLY3C67R4WP35EF4/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XPUKFHIGP5YNJRRFWKDJ2XRS4WTFJNNK/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YLFATXASXW4OV2ZBSRP4G55HJH73QPBP/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2AZOUKMCHT2WBHR7MYDTYXWOBHZW5P5/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TW3ZSJTTMZAFKGW7NJWTVVFZUYYU2SJZ/"},{"type":"FIX","url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26701"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dotnet/core","events":[{"introduced":"62bcac3998e1168f4a34b775a06d6451b5ffca7b"},{"fixed":"90879aca8283889b1c6fe2beb7f9aaadab59b2e4"},{"introduced":"5c0a0489d157ca82fca6f9b73c682f118e8c4a8a"},{"fixed":"35d4533cb92ef43d42a7d5697e5ee72f484290c3"}],"database_specific":{"versions":[{"introduced":"5.0"},{"fixed":"5.0.4"},{"introduced":"3.1"},{"fixed":"3.1.15"}]}},{"type":"GIT","repo":"https://github.com/powershell/powershell","events":[{"introduced":"0"},{"last_affected":"b54b188c1804d4dcebb09a8be3a67916abd94fd7"},{"introduced":"0"},{"last_affected":"fa01333bfeef5dd7769143e2b4ec7ffdb70c62c8"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"7.0"},{"introduced":"0"},{"last_affected":"7.1"}]}}],"versions":["v2.1.24","v2.1.25","v3.1.10","v3.1.11","v3.1.12","v5.0.0","v5.0.1","v5.0.2","v5.0.3","v6.0.0-preview.1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"2.1"},{"fixed":"2.1.28"}]},{"events":[{"introduced":"16.0"},{"last_affected":"16.9"}]},{"events":[{"introduced":"0"},{"last_affected":"32"}]},{"events":[{"introduced":"0"},{"last_affected":"33"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-26701.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}