CVE-2026-50646
Publication date 14 July 2026
Last updated 17 July 2026
Ubuntu priority
Description
A remote code execution vulnerability exists in Windows Presentation Foundation (WPF) in .NET 8, .NET 9, and .NET 10 when parsing specially crafted XAML input. An attacker who successfully exploits this vulnerability could execute arbitrary code in the context of the current user.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| dotnet6 | 26.04 LTS resolute | Not in release |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| dotnet7 | 26.04 LTS resolute | Not in release |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Ignored see notes | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| dotnet8 | 26.04 LTS resolute | Not in release |
| 24.04 LTS noble |
Not affected
|
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| dotnet9 | 26.04 LTS resolute | Not in release |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| dotnet10 | 26.04 LTS resolute |
Not affected
|
| 24.04 LTS noble |
Not affected
|
|
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release |