MEDIUM
The severity is rated MEDIUM as the integration introduces potential risks due to its reliance on a preview version of .NET and unresolved technical issues. Real-world exploitation would require developers adopting this pre-release technology, which currently has limited uptake.

The Avalonia project has introduced support for MAUI (Multi-Platform App UI) targeting Linux and WebAssembly, expanding the platform coverage of .NET frameworks beyond Microsoft's original scope. This integration combines the custom-drawn approach of Avalonia with the native API usage of MAUI, allowing developers to use Avalonian controls in addition to or instead of the standard MAUI components. However, this preview is built on .NET 11, which is still under development and not yet generally available, presenting adoption challenges due to unresolved issues such as Wayland support for Linux and lack of WinUI integration for Windows applications. The broader security implication here lies in the potential vulnerabilities introduced by new integrations and the dependency on a pre-release framework, which could lead to exploitable bugs or inconsistencies.

Affected Systems
  • AvaloniaUI with MAUI backend
  • .NET Framework
Affected Versions: Preview versions based on .NET 11
Remediation
  • Monitor the Avalonia and .NET framework releases for updates addressing known issues, such as Wayland support.
  • Pin dependencies to stable versions of AvaloniaUI and MAUI until the preview is finalized and matured.
  • Review application configurations to ensure compatibility with upcoming changes in the .NET 11 framework.
Stack Impact

The impact on common homelab stacks includes reliance on pre-release software, which could introduce bugs or security vulnerabilities. Developers using AvaloniaUI for Linux and WebAssembly applications may need to update their dependency versions frequently.

Source →