CVE in dotnet/sdk:8.0-noble image

[strachob]

There are still 2 High Vulnerability CVE in the base docker image for dotnet/sdk:8.0-noble.
They could be resolved with update of Microsoft.Build packages.

[strachob]

Sorry, just read the CVE update policy. Closing this

[lbussell]

Hi @strachob, I actually think this is an instance of .NET SDK images have (false positive) .NET CVEs (#5325).

Mentioning CVE-2025-26646 here in text so it is searchable.

Related: dotnet/roslyn#81723.