Skip to content

[s360-breeze-toolkit: SFI-ES5.2] Fix CVE-2026-33116 and CVE-2026-26171: Pin System.Security.Cryptography.Xml to 8.0.3#680

Open
brflood wants to merge 2 commits into
mainfrom
sfi/ES5.2/431c5164
Open

[s360-breeze-toolkit: SFI-ES5.2] Fix CVE-2026-33116 and CVE-2026-26171: Pin System.Security.Cryptography.Xml to 8.0.3#680
brflood wants to merge 2 commits into
mainfrom
sfi/ES5.2/431c5164

Conversation

@brflood

@brflood brflood commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Summary

Fixes CVE-2026-33116 and GHSA-37gx-xxp4-5rgx (High severity), CVE-2026-26171 and GHSA-w3x6-4m5h-cxqf in System.Security.Cryptography.Xml by pinning the transitive dependency to version 8.0.3.

Changes

  • Added direct PackageReference for System.Security.Cryptography.Xml version 8.0.3 in:
    • src/testengine.user.storagestate/testengine.user.storagestate.csproj
    • src/PowerAppsTestEngineWrapper/PowerAppsTestEngineWrapper.csproj

Context

Validation

  • dotnet restore succeeds
  • dotnet build succeeds for both affected projects
  • Semantic verification gates S1-S3: PASS

🔧 s360-breeze-toolkit - SFI-ES5.2 - run 431c5164

@brflood brflood requested a review from a team as a code owner July 6, 2026 20:42
Update both testengine.user.storagestate and PowerAppsTestEngineWrapper projects
to pin System.Security.Cryptography.Xml to 8.0.3, which resolves both
CVE-2026-33116 and GHSA-w3x6-4m5h-cxqf (8.0.2 was also vulnerable).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@brflood brflood changed the title [s360-breeze-toolkit: SFI-ES5.2] Fix CVE-2026-33116: Pin System.Security.Cryptography.Xml to 8.0.2 [s360-breeze-toolkit: SFI-ES5.2] Fix CVE-2026-33116: Pin System.Security.Cryptography.Xml to 8.0.3 Jul 6, 2026
@brflood brflood changed the title [s360-breeze-toolkit: SFI-ES5.2] Fix CVE-2026-33116: Pin System.Security.Cryptography.Xml to 8.0.3 [s360-breeze-toolkit: SFI-ES5.2] Fix CVE-2026-33116 and CVE-2026-26171: Pin System.Security.Cryptography.Xml to 8.0.3 Jul 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants