Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    8 vulnerabilities found for visual_studio_2026 by microsoft

    CVE-2026-45591 (GCVE-0-2026-45591)

    Vulnerability from nvd – Published: 2026-06-09 17:05 – Updated: 2026-07-08 23:23
    VLAI
    Title
    ASP.NET Core Denial of Service Vulnerability
    Summary
    Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    URL Tags
    https://msrc.microsoft.com/update-guide/vulnerabi… vendor-advisorypatch
    https://access.redhat.com/security/cve/CVE-2026-45591 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2487224 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:28007 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:28009 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25115 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25111 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25112 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25114 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25110 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25113 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:28227 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:28011 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:28051 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25222 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25220 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25221 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:26638 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:26994 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17527 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Microsoft .NET 10.0 Affected: 10.0.0 , < 10.0.9 (custom)
    Create a notification for this product.
    Microsoft .NET 8.0 Affected: 8.0.0 , < 8.0.28 (custom)
    Create a notification for this product.
    Microsoft .NET 9.0 Affected: 9.0.0 , < 9.0.17 (custom)
    Create a notification for this product.
    Microsoft ASP.NET Core 10.0 Affected: 10.0 , < 10.0.9 (custom)
    Create a notification for this product.
    Microsoft ASP.NET Core 8.0 Affected: 8.0 , < 8.0.28 (custom)
    Create a notification for this product.
    Microsoft ASP.NET Core 9.0 Affected: 9.0 , < 9.0.17 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2026 version 18.6 Affected: 18.6.0 , < 18.6.3 (custom)
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.4)     cpe:/a:redhat:rhel_e4s:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CRB (v. 8)     cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)     cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Date Public
    2026-06-09 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-45591",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T13:47:51.768280Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T13:47:58.238Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CRB (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-06-09T17:05:29.575Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in ASP.NET Core SignalR and Blazor Server. A remote attacker could send a specially crafted MessagePack payload containing deeply nested arrays that trigger excessive recursion and cause a stack overflow. This issue may result in application termination and a denial of service condition"
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-770",
                    "description": "Allocation of Resources Without Limits or Throttling",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:10:20.250Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-45591"
              },
              {
                "name": "RHBZ#2487224",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487224"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-45591.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28007"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28009"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25115"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25111"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25112"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25114"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25110"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25113"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28227"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28011"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28051"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25222"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25220"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25221"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26638"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26994"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17527"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:28007: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28009: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25115: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25111: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25112: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25114: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25110: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25113: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28227: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28011: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28051: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25222: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25220: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25221: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26638: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26994: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17527: Red Hat Hardened Images"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-06-09T18:07:51.180Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-06-09T17:05:29.575Z",
                "value": "Made public."
              }
            ],
            "title": "dotnet: ASP.NET Core: Denial of Service via uncontrolled resource consumption",
            "workarounds": [
              {
                "lang": "en",
                "value": "Red Hat is not aware of a practical temporary workaround that fully mitigates this issue or meets Red Hat Product Security\u0027s standards for usability, deployment, applicability, or stability. Customers are advised to apply the relevant security updates when they become available."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 10.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.9",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.28",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.17",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "ASP.NET Core 10.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.9",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "ASP.NET Core 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.28",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "ASP.NET Core 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.17",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.6.3",
                  "status": "affected",
                  "version": "18.6.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.6.3",
                      "versionStartIncluding": "18.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.9",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.9",
                      "versionStartIncluding": "10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.28",
                      "versionStartIncluding": "8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.28",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.17",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.17",
                      "versionStartIncluding": "9.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-06-09T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T23:23:45.647Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "ASP.NET Core Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45591"
            }
          ],
          "title": "ASP.NET Core Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-45591",
        "datePublished": "2026-06-09T17:05:29.575Z",
        "dateReserved": "2026-05-12T19:55:45.730Z",
        "dateUpdated": "2026-07-08T23:23:45.647Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32177 (GCVE-0-2026-32177)

    Vulnerability from nvd – Published: 2026-05-12 16:58 – Updated: 2026-06-30 12:07
    VLAI
    Title
    .NET Elevation of Privilege Vulnerability
    Summary
    Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft .NET 10.0 Affected: 10.0.0 , < 10.0.8 (custom)
    Create a notification for this product.
    Microsoft .NET 8.0 Affected: 8.0.0 , < 8.0.27 (custom)
    Create a notification for this product.
    Microsoft .NET 9.0 Affected: 9.0.0 , < 9.0.16 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 Affected: 3.5.0 , < 4.8.9334.0 and 4.8.4802.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.7.2 Affected: 4.7.0 , < 4.8.9334.0 and 4.8.4802.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8 Affected: 4.8.0 , < 4.8.9334.0 and 4.8.4802.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8.1 Affected: 4.8.1 , < 4.8.9334.0 and 4.8.4802.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Affected: 4.7.0 , < 4.8.9334.0 and 4.8.4802.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.8 Affected: 4.8.0 , < 4.8.9334.0 and 4.8.4802.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.12 Affected: 17.12.0 , < 17.12.20 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.14 Affected: 17.14.0 , < 17.14.32 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2026 version 18.5 Affected: 18.5.0 , < 18.5.3 (custom)
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Date Public
    2026-05-12 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32177",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T03:55:57.172870Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T10:18:24.511Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-05-12T16:58:15.551Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in dotnet. A heap-based buffer overflow in .NET allows an unauthenticated attacker to elevate privileges locally."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "LOW",
                  "baseScore": 7.3,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-122",
                    "description": "Heap-based Buffer Overflow",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:07:45.461Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-32177"
              },
              {
                "name": "RHBZ#2476664",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476664"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32177.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-12T18:05:35.236Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-05-12T16:58:15.551Z",
                "value": "Made public."
              }
            ],
            "title": "dotnet: .NET: heap-based buffer overflow allows an attacker to elevate privileges locally",
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 10.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.8",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.27",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.16",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2012",
                "Windows Server 2012 R2"
              ],
              "product": "Microsoft .NET Framework 3.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.9334.0 and 4.8.4802.0",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for ARM64-based Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows Server 2019"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.9334.0 and 4.8.4802.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for ARM64-based Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows Server 2019",
                "Windows Server 2022"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.9334.0 and 4.8.4802.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 11 Version 23H2 for x64-based Systems",
                "Windows 11 Version 24H2 for ARM64-based Systems",
                "Windows 11 Version 24H2 for x64-based Systems",
                "Windows 11 Version 25H2 for ARM64-based Systems",
                "Windows 11 Version 25H2 for x64-based Systems",
                "Windows 11 Version 26H1 for ARM64-based Systems",
                "Windows 11 version 26H1 for x64-based Systems",
                "Windows Server 2022",
                "Windows Server 2025"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.9334.0 and 4.8.4802.0",
                  "status": "affected",
                  "version": "4.8.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2012",
                "Windows Server 2012 R2"
              ],
              "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.9334.0 and 4.8.4802.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2012",
                "Windows Server 2012 R2",
                "Windows Server 2016"
              ],
              "product": "Microsoft .NET Framework 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.9334.0 and 4.8.4802.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.20",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.32",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.5.3",
                  "status": "affected",
                  "version": "18.5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.8",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.27",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.16",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.20",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.32",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.5.3",
                      "versionStartIncluding": "18.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.9334.0 and 4.8.4802.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.9334.0 and 4.8.4802.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.9334.0 and 4.8.4802.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.9334.0 and 4.8.4802.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.9334.0 and 4.8.4802.0",
                      "versionStartIncluding": "4.8.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.9334.0 and 4.8.4802.0",
                      "versionStartIncluding": "3.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-05-12T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:13:23.878Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32177"
            }
          ],
          "title": ".NET Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-32177",
        "datePublished": "2026-05-12T16:58:15.551Z",
        "dateReserved": "2026-03-11T00:26:53.425Z",
        "dateUpdated": "2026-06-30T12:07:45.461Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32175 (GCVE-0-2026-32175)

    Vulnerability from nvd – Published: 2026-05-12 16:59 – Updated: 2026-06-19 16:12
    VLAI
    Title
    .NET Core Tampering Vulnerability
    Summary
    A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system. The security update fixes the vulnerability by ensuring .NET Core properly handles files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-36 - Absolute Path Traversal
    Assigner
    References
    Date Public
    2026-05-12 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32175",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T19:22:38.751667Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T19:22:51.487Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 10.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.8",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.27",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.16",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.20",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.32",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.5.3",
                  "status": "affected",
                  "version": "18.5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.8",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.27",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.16",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.5.3",
                      "versionStartIncluding": "18.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.32",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.20",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-05-12T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories.\nTo exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system.\nThe security update fixes the vulnerability by ensuring .NET Core properly handles files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-36",
                  "description": "CWE-36: Absolute Path Traversal",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:12:35.340Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET Core Tampering Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32175"
            }
          ],
          "title": ".NET Core Tampering Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-32175",
        "datePublished": "2026-05-12T16:59:01.649Z",
        "dateReserved": "2026-03-11T00:26:53.424Z",
        "dateUpdated": "2026-06-19T16:12:35.340Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32203 (GCVE-0-2026-32203)

    Vulnerability from nvd – Published: 2026-04-14 16:58 – Updated: 2026-06-30 12:07
    VLAI
    Title
    .NET and Visual Studio Denial of Service Vulnerability
    Summary
    Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    • CWE-20 - Improper Input Validation
    • CWE-787 - Out-of-bounds Write
    Assigner
    References
    URL Tags
    https://msrc.microsoft.com/update-guide/vulnerabi… vendor-advisorypatch
    https://access.redhat.com/security/cve/CVE-2026-32203 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2457740 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:13281 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13280 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8467 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8470 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8472 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8473 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8468 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8475 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13693 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13283 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13282 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8471 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8469 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8474 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9077 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9080 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9205 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Microsoft .NET 10.0 Affected: 10.0.0 , < 10.0.6 (custom)
    Create a notification for this product.
    Microsoft .NET 8.0 Affected: 8.0.0 , < 8.0.26 (custom)
    Create a notification for this product.
    Microsoft .NET 9.0 Affected: 9.0.0 , < 9.0.15 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.12 Affected: 17.12.0 , < 17.12.19 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.14 Affected: 17.14.0 , < 17.14.30 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2026 version 18.4 Affected: 18.4.0 , < 18.4.4 (custom)
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CRB (v. 8)     cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)     cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Date Public
    2026-04-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32203",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-15T10:41:37.792331Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-15T10:43:56.726Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CRB (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-14T18:39:07.491Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in .NET. A remote attacker could exploit a stack overflow vulnerability during encrypted key nested decryption, leading to a Denial of Service (DoS). This could make the affected system unavailable to legitimate users."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:07:45.187Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-32203"
              },
              {
                "name": "RHBZ#2457740",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457740"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32203.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13281"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13280"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8467"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8470"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8472"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8473"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8468"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8475"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13693"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13283"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13282"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8471"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8469"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8474"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9077"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9080"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9205"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:13281: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13280: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8467: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8470: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8472: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8473: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8468: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8475: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13693: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13283: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13282: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8471: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8469: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8474: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9077: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9080: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9205: Red Hat Hardened Images"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-13T05:02:08.475Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-14T18:39:07.491Z",
                "value": "Made public."
              }
            ],
            "title": "dotnet: .NET: Denial of Service via stack overflow",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 10.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.6",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.26",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.15",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.19",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.30",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.4.4",
                  "status": "affected",
                  "version": "18.4.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.4.4",
                      "versionStartIncluding": "18.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.19",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.30",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.6",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.26",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.15",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-04-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:08:52.419Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET and Visual Studio Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32203"
            }
          ],
          "title": ".NET and Visual Studio Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-32203",
        "datePublished": "2026-04-14T16:58:38.178Z",
        "dateReserved": "2026-03-11T01:49:58.658Z",
        "dateUpdated": "2026-06-30T12:07:45.187Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45591 (GCVE-0-2026-45591)

    Vulnerability from cvelistv5 – Published: 2026-06-09 17:05 – Updated: 2026-07-08 23:23
    VLAI
    Title
    ASP.NET Core Denial of Service Vulnerability
    Summary
    Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    URL Tags
    https://msrc.microsoft.com/update-guide/vulnerabi… vendor-advisorypatch
    https://access.redhat.com/security/cve/CVE-2026-45591 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2487224 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:28007 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:28009 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25115 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25111 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25112 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25114 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25110 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25113 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:28227 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:28011 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:28051 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25222 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25220 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25221 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:26638 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:26994 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17527 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Microsoft .NET 10.0 Affected: 10.0.0 , < 10.0.9 (custom)
    Create a notification for this product.
    Microsoft .NET 8.0 Affected: 8.0.0 , < 8.0.28 (custom)
    Create a notification for this product.
    Microsoft .NET 9.0 Affected: 9.0.0 , < 9.0.17 (custom)
    Create a notification for this product.
    Microsoft ASP.NET Core 10.0 Affected: 10.0 , < 10.0.9 (custom)
    Create a notification for this product.
    Microsoft ASP.NET Core 8.0 Affected: 8.0 , < 8.0.28 (custom)
    Create a notification for this product.
    Microsoft ASP.NET Core 9.0 Affected: 9.0 , < 9.0.17 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2026 version 18.6 Affected: 18.6.0 , < 18.6.3 (custom)
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.4)     cpe:/a:redhat:rhel_e4s:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CRB (v. 8)     cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)     cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Date Public
    2026-06-09 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-45591",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T13:47:51.768280Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T13:47:58.238Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CRB (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-06-09T17:05:29.575Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in ASP.NET Core SignalR and Blazor Server. A remote attacker could send a specially crafted MessagePack payload containing deeply nested arrays that trigger excessive recursion and cause a stack overflow. This issue may result in application termination and a denial of service condition"
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-770",
                    "description": "Allocation of Resources Without Limits or Throttling",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:10:20.250Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-45591"
              },
              {
                "name": "RHBZ#2487224",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487224"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-45591.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28007"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28009"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25115"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25111"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25112"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25114"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25110"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25113"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28227"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28011"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28051"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25222"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25220"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25221"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26638"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26994"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17527"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:28007: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28009: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25115: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25111: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25112: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25114: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25110: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25113: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28227: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28011: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28051: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25222: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25220: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25221: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26638: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26994: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17527: Red Hat Hardened Images"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-06-09T18:07:51.180Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-06-09T17:05:29.575Z",
                "value": "Made public."
              }
            ],
            "title": "dotnet: ASP.NET Core: Denial of Service via uncontrolled resource consumption",
            "workarounds": [
              {
                "lang": "en",
                "value": "Red Hat is not aware of a practical temporary workaround that fully mitigates this issue or meets Red Hat Product Security\u0027s standards for usability, deployment, applicability, or stability. Customers are advised to apply the relevant security updates when they become available."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 10.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.9",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.28",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.17",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "ASP.NET Core 10.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.9",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "ASP.NET Core 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.28",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "ASP.NET Core 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.17",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.6.3",
                  "status": "affected",
                  "version": "18.6.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.6.3",
                      "versionStartIncluding": "18.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.9",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.9",
                      "versionStartIncluding": "10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.28",
                      "versionStartIncluding": "8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.28",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.17",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.17",
                      "versionStartIncluding": "9.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-06-09T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T23:23:45.647Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "ASP.NET Core Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45591"
            }
          ],
          "title": "ASP.NET Core Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-45591",
        "datePublished": "2026-06-09T17:05:29.575Z",
        "dateReserved": "2026-05-12T19:55:45.730Z",
        "dateUpdated": "2026-07-08T23:23:45.647Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32175 (GCVE-0-2026-32175)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:59 – Updated: 2026-06-19 16:12
    VLAI
    Title
    .NET Core Tampering Vulnerability
    Summary
    A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system. The security update fixes the vulnerability by ensuring .NET Core properly handles files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-36 - Absolute Path Traversal
    Assigner
    References
    Date Public
    2026-05-12 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32175",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T19:22:38.751667Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T19:22:51.487Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 10.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.8",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.27",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.16",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.20",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.32",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.5.3",
                  "status": "affected",
                  "version": "18.5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.8",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.27",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.16",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.5.3",
                      "versionStartIncluding": "18.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.32",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.20",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-05-12T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories.\nTo exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system.\nThe security update fixes the vulnerability by ensuring .NET Core properly handles files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-36",
                  "description": "CWE-36: Absolute Path Traversal",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:12:35.340Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET Core Tampering Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32175"
            }
          ],
          "title": ".NET Core Tampering Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-32175",
        "datePublished": "2026-05-12T16:59:01.649Z",
        "dateReserved": "2026-03-11T00:26:53.424Z",
        "dateUpdated": "2026-06-19T16:12:35.340Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32177 (GCVE-0-2026-32177)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:58 – Updated: 2026-06-30 12:07
    VLAI
    Title
    .NET Elevation of Privilege Vulnerability
    Summary
    Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft .NET 10.0 Affected: 10.0.0 , < 10.0.8 (custom)
    Create a notification for this product.
    Microsoft .NET 8.0 Affected: 8.0.0 , < 8.0.27 (custom)
    Create a notification for this product.
    Microsoft .NET 9.0 Affected: 9.0.0 , < 9.0.16 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 Affected: 3.5.0 , < 4.8.9334.0 and 4.8.4802.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.7.2 Affected: 4.7.0 , < 4.8.9334.0 and 4.8.4802.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8 Affected: 4.8.0 , < 4.8.9334.0 and 4.8.4802.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8.1 Affected: 4.8.1 , < 4.8.9334.0 and 4.8.4802.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Affected: 4.7.0 , < 4.8.9334.0 and 4.8.4802.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.8 Affected: 4.8.0 , < 4.8.9334.0 and 4.8.4802.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.12 Affected: 17.12.0 , < 17.12.20 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.14 Affected: 17.14.0 , < 17.14.32 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2026 version 18.5 Affected: 18.5.0 , < 18.5.3 (custom)
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Date Public
    2026-05-12 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32177",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T03:55:57.172870Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T10:18:24.511Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-05-12T16:58:15.551Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in dotnet. A heap-based buffer overflow in .NET allows an unauthenticated attacker to elevate privileges locally."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "LOW",
                  "baseScore": 7.3,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-122",
                    "description": "Heap-based Buffer Overflow",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:07:45.461Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-32177"
              },
              {
                "name": "RHBZ#2476664",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476664"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32177.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-12T18:05:35.236Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-05-12T16:58:15.551Z",
                "value": "Made public."
              }
            ],
            "title": "dotnet: .NET: heap-based buffer overflow allows an attacker to elevate privileges locally",
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 10.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.8",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.27",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.16",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2012",
                "Windows Server 2012 R2"
              ],
              "product": "Microsoft .NET Framework 3.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.9334.0 and 4.8.4802.0",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for ARM64-based Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows Server 2019"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.9334.0 and 4.8.4802.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for ARM64-based Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows Server 2019",
                "Windows Server 2022"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.9334.0 and 4.8.4802.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 11 Version 23H2 for x64-based Systems",
                "Windows 11 Version 24H2 for ARM64-based Systems",
                "Windows 11 Version 24H2 for x64-based Systems",
                "Windows 11 Version 25H2 for ARM64-based Systems",
                "Windows 11 Version 25H2 for x64-based Systems",
                "Windows 11 Version 26H1 for ARM64-based Systems",
                "Windows 11 version 26H1 for x64-based Systems",
                "Windows Server 2022",
                "Windows Server 2025"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.9334.0 and 4.8.4802.0",
                  "status": "affected",
                  "version": "4.8.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2012",
                "Windows Server 2012 R2"
              ],
              "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.9334.0 and 4.8.4802.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2012",
                "Windows Server 2012 R2",
                "Windows Server 2016"
              ],
              "product": "Microsoft .NET Framework 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.9334.0 and 4.8.4802.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.20",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.32",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.5.3",
                  "status": "affected",
                  "version": "18.5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.8",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.27",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.16",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.20",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.32",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.5.3",
                      "versionStartIncluding": "18.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.9334.0 and 4.8.4802.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.9334.0 and 4.8.4802.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.9334.0 and 4.8.4802.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.9334.0 and 4.8.4802.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.9334.0 and 4.8.4802.0",
                      "versionStartIncluding": "4.8.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.9334.0 and 4.8.4802.0",
                      "versionStartIncluding": "3.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-05-12T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:13:23.878Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32177"
            }
          ],
          "title": ".NET Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-32177",
        "datePublished": "2026-05-12T16:58:15.551Z",
        "dateReserved": "2026-03-11T00:26:53.425Z",
        "dateUpdated": "2026-06-30T12:07:45.461Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32203 (GCVE-0-2026-32203)

    Vulnerability from cvelistv5 – Published: 2026-04-14 16:58 – Updated: 2026-06-30 12:07
    VLAI
    Title
    .NET and Visual Studio Denial of Service Vulnerability
    Summary
    Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    • CWE-20 - Improper Input Validation
    • CWE-787 - Out-of-bounds Write
    Assigner
    References
    URL Tags
    https://msrc.microsoft.com/update-guide/vulnerabi… vendor-advisorypatch
    https://access.redhat.com/security/cve/CVE-2026-32203 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2457740 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:13281 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13280 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8467 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8470 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8472 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8473 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8468 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8475 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13693 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13283 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13282 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8471 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8469 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8474 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9077 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9080 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9205 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Microsoft .NET 10.0 Affected: 10.0.0 , < 10.0.6 (custom)
    Create a notification for this product.
    Microsoft .NET 8.0 Affected: 8.0.0 , < 8.0.26 (custom)
    Create a notification for this product.
    Microsoft .NET 9.0 Affected: 9.0.0 , < 9.0.15 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.12 Affected: 17.12.0 , < 17.12.19 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.14 Affected: 17.14.0 , < 17.14.30 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2026 version 18.4 Affected: 18.4.0 , < 18.4.4 (custom)
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CRB (v. 8)     cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)     cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Date Public
    2026-04-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32203",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-15T10:41:37.792331Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-15T10:43:56.726Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CRB (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-14T18:39:07.491Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in .NET. A remote attacker could exploit a stack overflow vulnerability during encrypted key nested decryption, leading to a Denial of Service (DoS). This could make the affected system unavailable to legitimate users."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:07:45.187Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-32203"
              },
              {
                "name": "RHBZ#2457740",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457740"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32203.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13281"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13280"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8467"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8470"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8472"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8473"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8468"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8475"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13693"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13283"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13282"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8471"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8469"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8474"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9077"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9080"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9205"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:13281: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13280: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8467: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8470: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8472: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8473: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8468: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8475: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13693: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13283: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13282: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8471: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8469: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8474: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9077: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9080: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9205: Red Hat Hardened Images"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-13T05:02:08.475Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-14T18:39:07.491Z",
                "value": "Made public."
              }
            ],
            "title": "dotnet: .NET: Denial of Service via stack overflow",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 10.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.6",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.26",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.15",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.19",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.30",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.4.4",
                  "status": "affected",
                  "version": "18.4.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.4.4",
                      "versionStartIncluding": "18.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.19",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.30",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.6",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.26",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.15",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-04-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:08:52.419Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET and Visual Studio Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32203"
            }
          ],
          "title": ".NET and Visual Studio Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-32203",
        "datePublished": "2026-04-14T16:58:38.178Z",
        "dateReserved": "2026-03-11T01:49:58.658Z",
        "dateUpdated": "2026-06-30T12:07:45.187Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }