Vulnerability-Lookup

WID-SEC-W-2026-1100

Vulnerability from csaf_certbund - Published: 2026-04-14 22:00 - Updated: 2026-05-26 22:00

Summary

Microsoft DeveloperTools: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Microsoft Visual Studio ist eine integrierte Entwicklungsumgebung für Hochsprachen. Microsoft .NET Framework ist eine Komponente des Microsoft Windows-Betriebssystems, das die Erstellung und Ausführung von Softwareanwendungen und Webdiensten ermöglicht. Es beinhaltet sowohl eine Laufzeitumgebung als auch ein Framework von Klassenbibliotheken (APIs), u. a. für die Programmiersprache ASP (ASP.NET), den Datenzugriff (ADO.NET), intelligente Clientanwendungen (Windows Forms) und weitere. Microsoft .NET ist ein Software-Framework für die Entwicklung und Ausführung von Anwendungen. PowerShell ist ein plattformübergreifendes Framework von Microsoft zur Automatisierung, Konfiguration und Verwaltung von Systemen, das einen Kommandozeileninterpreter inklusive Skriptsprache bietet. Visual Studio Code ist ein Quelltext-Editor von Microsoft.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Microsoft Visual Studio, Microsoft .NET Framework, Microsoft .NET, Microsoft PowerShell und Microsoft Visual Studio Code ausnutzen, um vertrauliche Informationen offenzulegen, Spoofing-Angriffe durchzuführen, einen Denial-of-Service-Zustand herbeizuführen oder Sicherheitsmaßnahmen zu umgehen, was möglicherweise die Ausführung von beliebigem Code ermöglicht.

Betroffene Betriebssysteme: - Linux - MacOS X - Windows

CVE-2026-21637

Affected products

Known affected 28 products

Product	Identifier	Version
Microsoft .NET Framework 4.7.2 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:4.7.2`	4.7.2
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Microsoft .NET Framework 4.8 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:4.8`	4.8
Microsoft Visual Studio 2022 version 17.14 Microsoft / Visual Studio 2022		version 17.14
Microsoft Visual Studio 2017 version 15.9 (includes 15.0-15.8) Microsoft / Visual Studio 2017		version 15.9 (includes 15.0-15.8)
Microsoft Visual Studio 2022 version 17.12 Microsoft / Visual Studio 2022		version 17.12
Microsoft PowerShell 7.5 Microsoft / PowerShell	`cpe:/a:microsoft:powershell:7.5`	7.5
Microsoft Visual Studio Code CoPilot Chat Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:copilot_chat_extension`	CoPilot Chat Extension
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Microsoft .NET 10.0 Microsoft / .NET	`cpe:/a:microsoft:.net:10.0`	10
Microsoft .NET 9.0 Microsoft / .NET	`cpe:/a:microsoft:.net:9.0`	9
Microsoft .NET 8.0 Microsoft / .NET	`cpe:/a:microsoft:.net:8.0`	8
Microsoft PowerShell 7.4 Microsoft / PowerShell	`cpe:/a:microsoft:powershell:7.4:rc1`	7.4
Hitachi Virtual Storage Platform 5200 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5200`	5200
Hitachi Virtual Storage Platform 5100 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5100`	5100
Hitachi Virtual Storage Platform 5500 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5500`	5500
Hitachi Virtual Storage Platform 5100H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5100h`	5100H
Hitachi Virtual Storage Platform 5500H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5500h`	5500H
Microsoft Visual Studio 2019 version 16.11 (includes 16.0-16.10) Microsoft / Visual Studio 2019		version 16.11 (includes 16.0-16.10)
Microsoft Visual Studio 2019 version 16.4 (includes 16.0-16.3) Microsoft / Visual Studio 2019		version 16.4 (includes 16.0-16.3)
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft .NET Framework 3.5 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:3.5:-`	3.5
Microsoft .NET Framework 4.8.1 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:4.8.1`	4.8.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Hitachi Virtual Storage Platform 5600H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5600h`	5600H
Hitachi Virtual Storage Platform 5200H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5200h`	5200H
Hitachi Virtual Storage Platform 5600 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5600`	5600

CVE-2026-23653

Affected products

Known affected 28 products

Product	Identifier	Version
Microsoft .NET Framework 4.7.2 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:4.7.2`	4.7.2
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Microsoft .NET Framework 4.8 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:4.8`	4.8
Microsoft Visual Studio 2022 version 17.14 Microsoft / Visual Studio 2022		version 17.14
Microsoft Visual Studio 2017 version 15.9 (includes 15.0-15.8) Microsoft / Visual Studio 2017		version 15.9 (includes 15.0-15.8)
Microsoft Visual Studio 2022 version 17.12 Microsoft / Visual Studio 2022		version 17.12
Microsoft PowerShell 7.5 Microsoft / PowerShell	`cpe:/a:microsoft:powershell:7.5`	7.5
Microsoft Visual Studio Code CoPilot Chat Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:copilot_chat_extension`	CoPilot Chat Extension
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Microsoft .NET 10.0 Microsoft / .NET	`cpe:/a:microsoft:.net:10.0`	10
Microsoft .NET 9.0 Microsoft / .NET	`cpe:/a:microsoft:.net:9.0`	9
Microsoft .NET 8.0 Microsoft / .NET	`cpe:/a:microsoft:.net:8.0`	8
Microsoft PowerShell 7.4 Microsoft / PowerShell	`cpe:/a:microsoft:powershell:7.4:rc1`	7.4
Hitachi Virtual Storage Platform 5200 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5200`	5200
Hitachi Virtual Storage Platform 5100 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5100`	5100
Hitachi Virtual Storage Platform 5500 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5500`	5500
Hitachi Virtual Storage Platform 5100H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5100h`	5100H
Hitachi Virtual Storage Platform 5500H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5500h`	5500H
Microsoft Visual Studio 2019 version 16.11 (includes 16.0-16.10) Microsoft / Visual Studio 2019		version 16.11 (includes 16.0-16.10)
Microsoft Visual Studio 2019 version 16.4 (includes 16.0-16.3) Microsoft / Visual Studio 2019		version 16.4 (includes 16.0-16.3)
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft .NET Framework 3.5 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:3.5:-`	3.5
Microsoft .NET Framework 4.8.1 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:4.8.1`	4.8.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Hitachi Virtual Storage Platform 5600H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5600h`	5600H
Hitachi Virtual Storage Platform 5200H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5200h`	5200H
Hitachi Virtual Storage Platform 5600 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5600`	5600

CVE-2026-23666

Affected products

Known affected 28 products

Product	Identifier	Version
Microsoft .NET Framework 4.7.2 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:4.7.2`	4.7.2
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Microsoft .NET Framework 4.8 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:4.8`	4.8
Microsoft Visual Studio 2022 version 17.14 Microsoft / Visual Studio 2022		version 17.14
Microsoft Visual Studio 2017 version 15.9 (includes 15.0-15.8) Microsoft / Visual Studio 2017		version 15.9 (includes 15.0-15.8)
Microsoft Visual Studio 2022 version 17.12 Microsoft / Visual Studio 2022		version 17.12
Microsoft PowerShell 7.5 Microsoft / PowerShell	`cpe:/a:microsoft:powershell:7.5`	7.5
Microsoft Visual Studio Code CoPilot Chat Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:copilot_chat_extension`	CoPilot Chat Extension
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Microsoft .NET 10.0 Microsoft / .NET	`cpe:/a:microsoft:.net:10.0`	10
Microsoft .NET 9.0 Microsoft / .NET	`cpe:/a:microsoft:.net:9.0`	9
Microsoft .NET 8.0 Microsoft / .NET	`cpe:/a:microsoft:.net:8.0`	8
Microsoft PowerShell 7.4 Microsoft / PowerShell	`cpe:/a:microsoft:powershell:7.4:rc1`	7.4
Hitachi Virtual Storage Platform 5200 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5200`	5200
Hitachi Virtual Storage Platform 5100 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5100`	5100
Hitachi Virtual Storage Platform 5500 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5500`	5500
Hitachi Virtual Storage Platform 5100H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5100h`	5100H
Hitachi Virtual Storage Platform 5500H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5500h`	5500H
Microsoft Visual Studio 2019 version 16.11 (includes 16.0-16.10) Microsoft / Visual Studio 2019		version 16.11 (includes 16.0-16.10)
Microsoft Visual Studio 2019 version 16.4 (includes 16.0-16.3) Microsoft / Visual Studio 2019		version 16.4 (includes 16.0-16.3)
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft .NET Framework 3.5 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:3.5:-`	3.5
Microsoft .NET Framework 4.8.1 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:4.8.1`	4.8.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Hitachi Virtual Storage Platform 5600H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5600h`	5600H
Hitachi Virtual Storage Platform 5200H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5200h`	5200H
Hitachi Virtual Storage Platform 5600 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5600`	5600

CVE-2026-26143

Affected products

Known affected 28 products

Product	Identifier	Version
Microsoft .NET Framework 4.7.2 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:4.7.2`	4.7.2
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Microsoft .NET Framework 4.8 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:4.8`	4.8
Microsoft Visual Studio 2022 version 17.14 Microsoft / Visual Studio 2022		version 17.14
Microsoft Visual Studio 2017 version 15.9 (includes 15.0-15.8) Microsoft / Visual Studio 2017		version 15.9 (includes 15.0-15.8)
Microsoft Visual Studio 2022 version 17.12 Microsoft / Visual Studio 2022		version 17.12
Microsoft PowerShell 7.5 Microsoft / PowerShell	`cpe:/a:microsoft:powershell:7.5`	7.5
Microsoft Visual Studio Code CoPilot Chat Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:copilot_chat_extension`	CoPilot Chat Extension
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Microsoft .NET 10.0 Microsoft / .NET	`cpe:/a:microsoft:.net:10.0`	10
Microsoft .NET 9.0 Microsoft / .NET	`cpe:/a:microsoft:.net:9.0`	9
Microsoft .NET 8.0 Microsoft / .NET	`cpe:/a:microsoft:.net:8.0`	8
Microsoft PowerShell 7.4 Microsoft / PowerShell	`cpe:/a:microsoft:powershell:7.4:rc1`	7.4
Hitachi Virtual Storage Platform 5200 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5200`	5200
Hitachi Virtual Storage Platform 5100 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5100`	5100
Hitachi Virtual Storage Platform 5500 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5500`	5500
Hitachi Virtual Storage Platform 5100H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5100h`	5100H
Hitachi Virtual Storage Platform 5500H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5500h`	5500H
Microsoft Visual Studio 2019 version 16.11 (includes 16.0-16.10) Microsoft / Visual Studio 2019		version 16.11 (includes 16.0-16.10)
Microsoft Visual Studio 2019 version 16.4 (includes 16.0-16.3) Microsoft / Visual Studio 2019		version 16.4 (includes 16.0-16.3)
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft .NET Framework 3.5 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:3.5:-`	3.5
Microsoft .NET Framework 4.8.1 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:4.8.1`	4.8.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Hitachi Virtual Storage Platform 5600H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5600h`	5600H
Hitachi Virtual Storage Platform 5200H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5200h`	5200H
Hitachi Virtual Storage Platform 5600 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5600`	5600

CVE-2026-26171

Affected products

Known affected 28 products

Product	Identifier	Version
Microsoft .NET Framework 4.7.2 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:4.7.2`	4.7.2
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Microsoft .NET Framework 4.8 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:4.8`	4.8
Microsoft Visual Studio 2022 version 17.14 Microsoft / Visual Studio 2022		version 17.14
Microsoft Visual Studio 2017 version 15.9 (includes 15.0-15.8) Microsoft / Visual Studio 2017		version 15.9 (includes 15.0-15.8)
Microsoft Visual Studio 2022 version 17.12 Microsoft / Visual Studio 2022		version 17.12
Microsoft PowerShell 7.5 Microsoft / PowerShell	`cpe:/a:microsoft:powershell:7.5`	7.5
Microsoft Visual Studio Code CoPilot Chat Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:copilot_chat_extension`	CoPilot Chat Extension
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Microsoft .NET 10.0 Microsoft / .NET	`cpe:/a:microsoft:.net:10.0`	10
Microsoft .NET 9.0 Microsoft / .NET	`cpe:/a:microsoft:.net:9.0`	9
Microsoft .NET 8.0 Microsoft / .NET	`cpe:/a:microsoft:.net:8.0`	8
Microsoft PowerShell 7.4 Microsoft / PowerShell	`cpe:/a:microsoft:powershell:7.4:rc1`	7.4
Hitachi Virtual Storage Platform 5200 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5200`	5200
Hitachi Virtual Storage Platform 5100 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5100`	5100
Hitachi Virtual Storage Platform 5500 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5500`	5500
Hitachi Virtual Storage Platform 5100H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5100h`	5100H
Hitachi Virtual Storage Platform 5500H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5500h`	5500H
Microsoft Visual Studio 2019 version 16.11 (includes 16.0-16.10) Microsoft / Visual Studio 2019		version 16.11 (includes 16.0-16.10)
Microsoft Visual Studio 2019 version 16.4 (includes 16.0-16.3) Microsoft / Visual Studio 2019		version 16.4 (includes 16.0-16.3)
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft .NET Framework 3.5 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:3.5:-`	3.5
Microsoft .NET Framework 4.8.1 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:4.8.1`	4.8.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Hitachi Virtual Storage Platform 5600H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5600h`	5600H
Hitachi Virtual Storage Platform 5200H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5200h`	5200H
Hitachi Virtual Storage Platform 5600 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5600`	5600

CVE-2026-32178

Affected products

Known affected 28 products

Product	Identifier	Version
Microsoft .NET Framework 4.7.2 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:4.7.2`	4.7.2
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Microsoft .NET Framework 4.8 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:4.8`	4.8
Microsoft Visual Studio 2022 version 17.14 Microsoft / Visual Studio 2022		version 17.14
Microsoft Visual Studio 2017 version 15.9 (includes 15.0-15.8) Microsoft / Visual Studio 2017		version 15.9 (includes 15.0-15.8)
Microsoft Visual Studio 2022 version 17.12 Microsoft / Visual Studio 2022		version 17.12
Microsoft PowerShell 7.5 Microsoft / PowerShell	`cpe:/a:microsoft:powershell:7.5`	7.5
Microsoft Visual Studio Code CoPilot Chat Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:copilot_chat_extension`	CoPilot Chat Extension
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Microsoft .NET 10.0 Microsoft / .NET	`cpe:/a:microsoft:.net:10.0`	10
Microsoft .NET 9.0 Microsoft / .NET	`cpe:/a:microsoft:.net:9.0`	9
Microsoft .NET 8.0 Microsoft / .NET	`cpe:/a:microsoft:.net:8.0`	8
Microsoft PowerShell 7.4 Microsoft / PowerShell	`cpe:/a:microsoft:powershell:7.4:rc1`	7.4
Hitachi Virtual Storage Platform 5200 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5200`	5200
Hitachi Virtual Storage Platform 5100 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5100`	5100
Hitachi Virtual Storage Platform 5500 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5500`	5500
Hitachi Virtual Storage Platform 5100H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5100h`	5100H
Hitachi Virtual Storage Platform 5500H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5500h`	5500H
Microsoft Visual Studio 2019 version 16.11 (includes 16.0-16.10) Microsoft / Visual Studio 2019		version 16.11 (includes 16.0-16.10)
Microsoft Visual Studio 2019 version 16.4 (includes 16.0-16.3) Microsoft / Visual Studio 2019		version 16.4 (includes 16.0-16.3)
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft .NET Framework 3.5 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:3.5:-`	3.5
Microsoft .NET Framework 4.8.1 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:4.8.1`	4.8.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Hitachi Virtual Storage Platform 5600H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5600h`	5600H
Hitachi Virtual Storage Platform 5200H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5200h`	5200H
Hitachi Virtual Storage Platform 5600 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5600`	5600

CVE-2026-32203

Affected products

Known affected 28 products

Product	Identifier	Version
Microsoft .NET Framework 4.7.2 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:4.7.2`	4.7.2
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Microsoft .NET Framework 4.8 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:4.8`	4.8
Microsoft Visual Studio 2022 version 17.14 Microsoft / Visual Studio 2022		version 17.14
Microsoft Visual Studio 2017 version 15.9 (includes 15.0-15.8) Microsoft / Visual Studio 2017		version 15.9 (includes 15.0-15.8)
Microsoft Visual Studio 2022 version 17.12 Microsoft / Visual Studio 2022		version 17.12
Microsoft PowerShell 7.5 Microsoft / PowerShell	`cpe:/a:microsoft:powershell:7.5`	7.5
Microsoft Visual Studio Code CoPilot Chat Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:copilot_chat_extension`	CoPilot Chat Extension
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Microsoft .NET 10.0 Microsoft / .NET	`cpe:/a:microsoft:.net:10.0`	10
Microsoft .NET 9.0 Microsoft / .NET	`cpe:/a:microsoft:.net:9.0`	9
Microsoft .NET 8.0 Microsoft / .NET	`cpe:/a:microsoft:.net:8.0`	8
Microsoft PowerShell 7.4 Microsoft / PowerShell	`cpe:/a:microsoft:powershell:7.4:rc1`	7.4
Hitachi Virtual Storage Platform 5200 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5200`	5200
Hitachi Virtual Storage Platform 5100 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5100`	5100
Hitachi Virtual Storage Platform 5500 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5500`	5500
Hitachi Virtual Storage Platform 5100H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5100h`	5100H
Hitachi Virtual Storage Platform 5500H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5500h`	5500H
Microsoft Visual Studio 2019 version 16.11 (includes 16.0-16.10) Microsoft / Visual Studio 2019		version 16.11 (includes 16.0-16.10)
Microsoft Visual Studio 2019 version 16.4 (includes 16.0-16.3) Microsoft / Visual Studio 2019		version 16.4 (includes 16.0-16.3)
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft .NET Framework 3.5 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:3.5:-`	3.5
Microsoft .NET Framework 4.8.1 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:4.8.1`	4.8.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Hitachi Virtual Storage Platform 5600H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5600h`	5600H
Hitachi Virtual Storage Platform 5200H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5200h`	5200H
Hitachi Virtual Storage Platform 5600 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5600`	5600

CVE-2026-32226

Affected products

Known affected 28 products

Product	Identifier	Version
Microsoft .NET Framework 4.7.2 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:4.7.2`	4.7.2
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Microsoft .NET Framework 4.8 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:4.8`	4.8
Microsoft Visual Studio 2022 version 17.14 Microsoft / Visual Studio 2022		version 17.14
Microsoft Visual Studio 2017 version 15.9 (includes 15.0-15.8) Microsoft / Visual Studio 2017		version 15.9 (includes 15.0-15.8)
Microsoft Visual Studio 2022 version 17.12 Microsoft / Visual Studio 2022		version 17.12
Microsoft PowerShell 7.5 Microsoft / PowerShell	`cpe:/a:microsoft:powershell:7.5`	7.5
Microsoft Visual Studio Code CoPilot Chat Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:copilot_chat_extension`	CoPilot Chat Extension
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Microsoft .NET 10.0 Microsoft / .NET	`cpe:/a:microsoft:.net:10.0`	10
Microsoft .NET 9.0 Microsoft / .NET	`cpe:/a:microsoft:.net:9.0`	9
Microsoft .NET 8.0 Microsoft / .NET	`cpe:/a:microsoft:.net:8.0`	8
Microsoft PowerShell 7.4 Microsoft / PowerShell	`cpe:/a:microsoft:powershell:7.4:rc1`	7.4
Hitachi Virtual Storage Platform 5200 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5200`	5200
Hitachi Virtual Storage Platform 5100 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5100`	5100
Hitachi Virtual Storage Platform 5500 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5500`	5500
Hitachi Virtual Storage Platform 5100H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5100h`	5100H
Hitachi Virtual Storage Platform 5500H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5500h`	5500H
Microsoft Visual Studio 2019 version 16.11 (includes 16.0-16.10) Microsoft / Visual Studio 2019		version 16.11 (includes 16.0-16.10)
Microsoft Visual Studio 2019 version 16.4 (includes 16.0-16.3) Microsoft / Visual Studio 2019		version 16.4 (includes 16.0-16.3)
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft .NET Framework 3.5 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:3.5:-`	3.5
Microsoft .NET Framework 4.8.1 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:4.8.1`	4.8.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Hitachi Virtual Storage Platform 5600H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5600h`	5600H
Hitachi Virtual Storage Platform 5200H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5200h`	5200H
Hitachi Virtual Storage Platform 5600 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5600`	5600

CVE-2026-32631

Affected products

Known affected 28 products

Product	Identifier	Version
Microsoft .NET Framework 4.7.2 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:4.7.2`	4.7.2
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Microsoft .NET Framework 4.8 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:4.8`	4.8
Microsoft Visual Studio 2022 version 17.14 Microsoft / Visual Studio 2022		version 17.14
Microsoft Visual Studio 2017 version 15.9 (includes 15.0-15.8) Microsoft / Visual Studio 2017		version 15.9 (includes 15.0-15.8)
Microsoft Visual Studio 2022 version 17.12 Microsoft / Visual Studio 2022		version 17.12
Microsoft PowerShell 7.5 Microsoft / PowerShell	`cpe:/a:microsoft:powershell:7.5`	7.5
Microsoft Visual Studio Code CoPilot Chat Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:copilot_chat_extension`	CoPilot Chat Extension
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Microsoft .NET 10.0 Microsoft / .NET	`cpe:/a:microsoft:.net:10.0`	10
Microsoft .NET 9.0 Microsoft / .NET	`cpe:/a:microsoft:.net:9.0`	9
Microsoft .NET 8.0 Microsoft / .NET	`cpe:/a:microsoft:.net:8.0`	8
Microsoft PowerShell 7.4 Microsoft / PowerShell	`cpe:/a:microsoft:powershell:7.4:rc1`	7.4
Hitachi Virtual Storage Platform 5200 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5200`	5200
Hitachi Virtual Storage Platform 5100 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5100`	5100
Hitachi Virtual Storage Platform 5500 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5500`	5500
Hitachi Virtual Storage Platform 5100H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5100h`	5100H
Hitachi Virtual Storage Platform 5500H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5500h`	5500H
Microsoft Visual Studio 2019 version 16.11 (includes 16.0-16.10) Microsoft / Visual Studio 2019		version 16.11 (includes 16.0-16.10)
Microsoft Visual Studio 2019 version 16.4 (includes 16.0-16.3) Microsoft / Visual Studio 2019		version 16.4 (includes 16.0-16.3)
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft .NET Framework 3.5 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:3.5:-`	3.5
Microsoft .NET Framework 4.8.1 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:4.8.1`	4.8.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Hitachi Virtual Storage Platform 5600H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5600h`	5600H
Hitachi Virtual Storage Platform 5200H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5200h`	5200H
Hitachi Virtual Storage Platform 5600 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5600`	5600

CVE-2026-33116

Affected products

Known affected 28 products

Product	Identifier	Version
Microsoft .NET Framework 4.7.2 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:4.7.2`	4.7.2
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Microsoft .NET Framework 4.8 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:4.8`	4.8
Microsoft Visual Studio 2022 version 17.14 Microsoft / Visual Studio 2022		version 17.14
Microsoft Visual Studio 2017 version 15.9 (includes 15.0-15.8) Microsoft / Visual Studio 2017		version 15.9 (includes 15.0-15.8)
Microsoft Visual Studio 2022 version 17.12 Microsoft / Visual Studio 2022		version 17.12
Microsoft PowerShell 7.5 Microsoft / PowerShell	`cpe:/a:microsoft:powershell:7.5`	7.5
Microsoft Visual Studio Code CoPilot Chat Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:copilot_chat_extension`	CoPilot Chat Extension
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Microsoft .NET 10.0 Microsoft / .NET	`cpe:/a:microsoft:.net:10.0`	10
Microsoft .NET 9.0 Microsoft / .NET	`cpe:/a:microsoft:.net:9.0`	9
Microsoft .NET 8.0 Microsoft / .NET	`cpe:/a:microsoft:.net:8.0`	8
Microsoft PowerShell 7.4 Microsoft / PowerShell	`cpe:/a:microsoft:powershell:7.4:rc1`	7.4
Hitachi Virtual Storage Platform 5200 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5200`	5200
Hitachi Virtual Storage Platform 5100 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5100`	5100
Hitachi Virtual Storage Platform 5500 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5500`	5500
Hitachi Virtual Storage Platform 5100H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5100h`	5100H
Hitachi Virtual Storage Platform 5500H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5500h`	5500H
Microsoft Visual Studio 2019 version 16.11 (includes 16.0-16.10) Microsoft / Visual Studio 2019		version 16.11 (includes 16.0-16.10)
Microsoft Visual Studio 2019 version 16.4 (includes 16.0-16.3) Microsoft / Visual Studio 2019		version 16.4 (includes 16.0-16.3)
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft .NET Framework 3.5 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:3.5:-`	3.5
Microsoft .NET Framework 4.8.1 Microsoft / .NET Framework	`cpe:/a:microsoft:.net_framework:4.8.1`	4.8.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Hitachi Virtual Storage Platform 5600H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5600h`	5600H
Hitachi Virtual Storage Platform 5200H Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5200h`	5200H
Hitachi Virtual Storage Platform 5600 Hitachi / Virtual Storage Platform	`cpe:/h:hitachi:virtual_storage_platform:5600`	5600

References

48 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://msrc.microsoft.com/update-guide/	external
https://access.redhat.com/errata/RHSA-2026:8471	external
https://access.redhat.com/errata/RHSA-2026:8470	external
https://access.redhat.com/errata/RHSA-2026:8469	external
https://access.redhat.com/errata/RHSA-2026:8468	external
https://access.redhat.com/errata/RHSA-2026:8467	external
https://ubuntu.com/security/notices/USN-8176-1	external
https://access.redhat.com/errata/RHSA-2026:8475	external
https://access.redhat.com/errata/RHSA-2026:8474	external
https://access.redhat.com/errata/RHSA-2026:8473	external
https://access.redhat.com/errata/RHSA-2026:8472	external
https://linux.oracle.com/errata/ELSA-2026-8470.html	external
https://linux.oracle.com/errata/ELSA-2026-8472.html	external
https://linux.oracle.com/errata/ELSA-2026-8467.html	external
https://linux.oracle.com/errata/ELSA-2026-8474.html	external
https://linux.oracle.com/errata/ELSA-2026-8471.html	external
http://linux.oracle.com/errata/ELSA-2026-8473.html	external
https://errata.build.resf.org/RLSA-2026:8471	external
https://errata.build.resf.org/RLSA-2026:8470	external
https://errata.build.resf.org/RLSA-2026:8469	external
https://errata.build.resf.org/RLSA-2026:8473	external
https://errata.build.resf.org/RLSA-2026:8467	external
https://errata.build.resf.org/RLSA-2026:8468	external
https://errata.build.resf.org/RLSA-2026:8472	external
https://errata.build.resf.org/RLSA-2026:8474	external
https://errata.build.resf.org/RLSA-2026:8475	external
http://linux.oracle.com/errata/ELSA-2026-8475.html	external
https://linux.oracle.com/errata/ELSA-2026-8468.html	external
https://linux.oracle.com/errata/ELSA-2026-8469.html	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://access.redhat.com/errata/RHSA-2026:9077	external
https://ubuntu.com/security/notices/USN-8216-1	external
https://access.redhat.com/errata/RHSA-2026:13283	external
https://access.redhat.com/errata/RHSA-2026:13281	external
https://access.redhat.com/errata/RHSA-2026:13280	external
https://access.redhat.com/errata/RHSA-2026:13282	external
https://access.redhat.com/errata/RHSA-2026:13693	external
https://www.hitachi.com/products/it/storage-solut…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Microsoft Visual Studio ist eine integrierte Entwicklungsumgebung f\u00fcr Hochsprachen.\r\nMicrosoft .NET Framework ist eine Komponente des Microsoft Windows-Betriebssystems, das die Erstellung und Ausf\u00fchrung von Softwareanwendungen und Webdiensten erm\u00f6glicht. Es beinhaltet sowohl eine Laufzeitumgebung als auch ein Framework von Klassenbibliotheken (APIs), u. a. f\u00fcr die Programmiersprache ASP (ASP.NET), den Datenzugriff (ADO.NET), intelligente Clientanwendungen (Windows Forms) und weitere.\r\nMicrosoft .NET ist ein Software-Framework f\u00fcr die Entwicklung und Ausf\u00fchrung von Anwendungen.\r\nPowerShell ist ein plattform\u00fcbergreifendes Framework von Microsoft zur Automatisierung, Konfiguration und Verwaltung von Systemen, das einen Kommandozeileninterpreter inklusive Skriptsprache bietet. \r\nVisual Studio Code ist ein Quelltext-Editor von Microsoft.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Microsoft Visual Studio, Microsoft .NET Framework, Microsoft .NET, Microsoft PowerShell und Microsoft Visual Studio Code ausnutzen, um vertrauliche Informationen offenzulegen, Spoofing-Angriffe durchzuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren oder Sicherheitsma\u00dfnahmen zu umgehen, was m\u00f6glicherweise die Ausf\u00fchrung von beliebigem Code erm\u00f6glicht.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1100 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1100.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1100 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1100"
      },
      {
        "category": "external",
        "summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates",
        "url": "https://msrc.microsoft.com/update-guide/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:8471 vom 2026-04-16",
        "url": "https://access.redhat.com/errata/RHSA-2026:8471"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:8470 vom 2026-04-16",
        "url": "https://access.redhat.com/errata/RHSA-2026:8470"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:8469 vom 2026-04-16",
        "url": "https://access.redhat.com/errata/RHSA-2026:8469"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:8468 vom 2026-04-16",
        "url": "https://access.redhat.com/errata/RHSA-2026:8468"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:8467 vom 2026-04-16",
        "url": "https://access.redhat.com/errata/RHSA-2026:8467"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-8176-1 vom 2026-04-16",
        "url": "https://ubuntu.com/security/notices/USN-8176-1"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:8475 vom 2026-04-16",
        "url": "https://access.redhat.com/errata/RHSA-2026:8475"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:8474 vom 2026-04-16",
        "url": "https://access.redhat.com/errata/RHSA-2026:8474"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:8473 vom 2026-04-16",
        "url": "https://access.redhat.com/errata/RHSA-2026:8473"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:8472 vom 2026-04-16",
        "url": "https://access.redhat.com/errata/RHSA-2026:8472"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-8470 vom 2026-04-17",
        "url": "https://linux.oracle.com/errata/ELSA-2026-8470.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-8472 vom 2026-04-17",
        "url": "https://linux.oracle.com/errata/ELSA-2026-8472.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-8467 vom 2026-04-17",
        "url": "https://linux.oracle.com/errata/ELSA-2026-8467.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-8474 vom 2026-04-17",
        "url": "https://linux.oracle.com/errata/ELSA-2026-8474.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-8471 vom 2026-04-17",
        "url": "https://linux.oracle.com/errata/ELSA-2026-8471.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-8473 vom 2026-04-19",
        "url": "http://linux.oracle.com/errata/ELSA-2026-8473.html"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:8471 vom 2026-04-19",
        "url": "https://errata.build.resf.org/RLSA-2026:8471"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:8470 vom 2026-04-18",
        "url": "https://errata.build.resf.org/RLSA-2026:8470"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:8469 vom 2026-04-19",
        "url": "https://errata.build.resf.org/RLSA-2026:8469"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:8473 vom 2026-04-18",
        "url": "https://errata.build.resf.org/RLSA-2026:8473"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:8467 vom 2026-04-18",
        "url": "https://errata.build.resf.org/RLSA-2026:8467"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:8468 vom 2026-04-18",
        "url": "https://errata.build.resf.org/RLSA-2026:8468"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:8472 vom 2026-04-18",
        "url": "https://errata.build.resf.org/RLSA-2026:8472"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:8474 vom 2026-04-19",
        "url": "https://errata.build.resf.org/RLSA-2026:8474"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:8475 vom 2026-04-18",
        "url": "https://errata.build.resf.org/RLSA-2026:8475"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-8475 vom 2026-04-19",
        "url": "http://linux.oracle.com/errata/ELSA-2026-8475.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-8468 vom 2026-04-20",
        "url": "https://linux.oracle.com/errata/ELSA-2026-8468.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-8469 vom 2026-04-20",
        "url": "https://linux.oracle.com/errata/ELSA-2026-8469.html"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-A1302C450C vom 2026-04-21",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-a1302c450c"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-AC43E01AF9 vom 2026-04-21",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-ac43e01af9"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-AD17A2DB6C vom 2026-04-21",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-ad17a2db6c"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-E1D2833798 vom 2026-04-21",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-e1d2833798"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-EADD724963 vom 2026-04-21",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-eadd724963"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-EDCA75E401 vom 2026-04-21",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-edca75e401"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-FC2112CDD4 vom 2026-04-21",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-fc2112cdd4"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-02B2A30C02 vom 2026-04-21",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-02b2a30c02"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-97FBAAEF10 vom 2026-04-21",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-97fbaaef10"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:9077 vom 2026-04-27",
        "url": "https://access.redhat.com/errata/RHSA-2026:9077"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-8216-1 vom 2026-04-28",
        "url": "https://ubuntu.com/security/notices/USN-8216-1"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:13283 vom 2026-05-04",
        "url": "https://access.redhat.com/errata/RHSA-2026:13283"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:13281 vom 2026-05-04",
        "url": "https://access.redhat.com/errata/RHSA-2026:13281"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:13280 vom 2026-05-04",
        "url": "https://access.redhat.com/errata/RHSA-2026:13280"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:13282 vom 2026-05-04",
        "url": "https://access.redhat.com/errata/RHSA-2026:13282"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:13693 vom 2026-05-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:13693"
      },
      {
        "category": "external",
        "summary": "Hitachi Vulnerability Information HITACHI-SEC-2026-311 vom 2026-05-27",
        "url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/04.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Microsoft DeveloperTools: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-05-26T22:00:00.000+00:00",
      "generator": {
        "date": "2026-05-27T08:52:42.319+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1100",
      "initial_release_date": "2026-04-14T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-04-14T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-04-15T22:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: EUVD-2026-22991"
        },
        {
          "date": "2026-04-16T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat und Ubuntu aufgenommen"
        },
        {
          "date": "2026-04-19T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Oracle Linux und Rocky Enterprise Software Foundation aufgenommen"
        },
        {
          "date": "2026-04-20T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2026-04-21T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2026-04-27T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-04-28T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2026-05-03T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-05-04T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-05-26T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von HITACHI aufgenommen"
        }
      ],
      "status": "final",
      "version": "11"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "5100",
                "product": {
                  "name": "Hitachi Virtual Storage Platform 5100",
                  "product_id": "T017180",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:hitachi:virtual_storage_platform:5100"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "5500",
                "product": {
                  "name": "Hitachi Virtual Storage Platform 5500",
                  "product_id": "T017181",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:hitachi:virtual_storage_platform:5500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "5100H",
                "product": {
                  "name": "Hitachi Virtual Storage Platform 5100H",
                  "product_id": "T017182",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:hitachi:virtual_storage_platform:5100h"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "5500H",
                "product": {
                  "name": "Hitachi Virtual Storage Platform 5500H",
                  "product_id": "T017183",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:hitachi:virtual_storage_platform:5500h"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "5200",
                "product": {
                  "name": "Hitachi Virtual Storage Platform 5200",
                  "product_id": "T047075",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:hitachi:virtual_storage_platform:5200"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "5200H",
                "product": {
                  "name": "Hitachi Virtual Storage Platform 5200H",
                  "product_id": "T047076",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:hitachi:virtual_storage_platform:5200h"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "5600",
                "product": {
                  "name": "Hitachi Virtual Storage Platform 5600",
                  "product_id": "T047077",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:hitachi:virtual_storage_platform:5600"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "5600H",
                "product": {
                  "name": "Hitachi Virtual Storage Platform 5600H",
                  "product_id": "T047078",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:hitachi:virtual_storage_platform:5600h"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Virtual Storage Platform"
          }
        ],
        "category": "vendor",
        "name": "Hitachi"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "10",
                "product": {
                  "name": "Microsoft .NET 10.0",
                  "product_id": "T051615",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:.net:10.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9",
                "product": {
                  "name": "Microsoft .NET 9.0",
                  "product_id": "T051616",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:.net:9.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8",
                "product": {
                  "name": "Microsoft .NET 8.0",
                  "product_id": "T052749",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:.net:8.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": ".NET"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "4.8.1",
                "product": {
                  "name": "Microsoft .NET Framework 4.8.1",
                  "product_id": "1273212",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:.net_framework:4.8.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "4.7.2",
                "product": {
                  "name": "Microsoft .NET Framework 4.7.2",
                  "product_id": "432556",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:.net_framework:4.7.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "4.8",
                "product": {
                  "name": "Microsoft .NET Framework 4.8",
                  "product_id": "432557",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:.net_framework:4.8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3.5",
                "product": {
                  "name": "Microsoft .NET Framework 3.5",
                  "product_id": "834793",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:.net_framework:3.5:-"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": ".NET Framework"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.4",
                "product": {
                  "name": "Microsoft PowerShell 7.4",
                  "product_id": "1809886",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:powershell:7.4:rc1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.5",
                "product": {
                  "name": "Microsoft PowerShell 7.5",
                  "product_id": "T052775",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:powershell:7.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PowerShell"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "version 15.9 (includes 15.0-15.8)",
                "product": {
                  "name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0-15.8)",
                  "product_id": "T052756"
                }
              }
            ],
            "category": "product_name",
            "name": "Visual Studio 2017"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "version 16.11 (includes 16.0-16.10)",
                "product": {
                  "name": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0-16.10)",
                  "product_id": "T052786"
                }
              },
              {
                "category": "product_version_range",
                "name": "version 16.4 (includes 16.0-16.3)",
                "product": {
                  "name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0-16.3)",
                  "product_id": "T052787"
                }
              }
            ],
            "category": "product_name",
            "name": "Visual Studio 2019"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "version 17.14",
                "product": {
                  "name": "Microsoft Visual Studio 2022 version 17.14",
                  "product_id": "T052777"
                }
              },
              {
                "category": "product_version_range",
                "name": "version 17.12",
                "product": {
                  "name": "Microsoft Visual Studio 2022 version 17.12",
                  "product_id": "T052778"
                }
              }
            ],
            "category": "product_name",
            "name": "Visual Studio 2022"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "CoPilot Chat Extension",
                "product": {
                  "name": "Microsoft Visual Studio Code CoPilot Chat Extension",
                  "product_id": "T052776",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:visual_studio_code:copilot_chat_extension"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Visual Studio Code"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-21637",
      "product_status": {
        "known_affected": [
          "432556",
          "67646",
          "432557",
          "T052777",
          "T052756",
          "T052778",
          "T052775",
          "T052776",
          "T004914",
          "T051615",
          "T051616",
          "T052749",
          "1809886",
          "T047075",
          "T017180",
          "T017181",
          "T017182",
          "T017183",
          "T052786",
          "T052787",
          "T032255",
          "74185",
          "834793",
          "1273212",
          "T000126",
          "T047078",
          "T047076",
          "T047077"
        ]
      },
      "release_date": "2026-04-14T22:00:00.000+00:00",
      "title": "CVE-2026-21637"
    },
    {
      "cve": "CVE-2026-23653",
      "product_status": {
        "known_affected": [
          "432556",
          "67646",
          "432557",
          "T052777",
          "T052756",
          "T052778",
          "T052775",
          "T052776",
          "T004914",
          "T051615",
          "T051616",
          "T052749",
          "1809886",
          "T047075",
          "T017180",
          "T017181",
          "T017182",
          "T017183",
          "T052786",
          "T052787",
          "T032255",
          "74185",
          "834793",
          "1273212",
          "T000126",
          "T047078",
          "T047076",
          "T047077"
        ]
      },
      "release_date": "2026-04-14T22:00:00.000+00:00",
      "title": "CVE-2026-23653"
    },
    {
      "cve": "CVE-2026-23666",
      "product_status": {
        "known_affected": [
          "432556",
          "67646",
          "432557",
          "T052777",
          "T052756",
          "T052778",
          "T052775",
          "T052776",
          "T004914",
          "T051615",
          "T051616",
          "T052749",
          "1809886",
          "T047075",
          "T017180",
          "T017181",
          "T017182",
          "T017183",
          "T052786",
          "T052787",
          "T032255",
          "74185",
          "834793",
          "1273212",
          "T000126",
          "T047078",
          "T047076",
          "T047077"
        ]
      },
      "release_date": "2026-04-14T22:00:00.000+00:00",
      "title": "CVE-2026-23666"
    },
    {
      "cve": "CVE-2026-26143",
      "product_status": {
        "known_affected": [
          "432556",
          "67646",
          "432557",
          "T052777",
          "T052756",
          "T052778",
          "T052775",
          "T052776",
          "T004914",
          "T051615",
          "T051616",
          "T052749",
          "1809886",
          "T047075",
          "T017180",
          "T017181",
          "T017182",
          "T017183",
          "T052786",
          "T052787",
          "T032255",
          "74185",
          "834793",
          "1273212",
          "T000126",
          "T047078",
          "T047076",
          "T047077"
        ]
      },
      "release_date": "2026-04-14T22:00:00.000+00:00",
      "title": "CVE-2026-26143"
    },
    {
      "cve": "CVE-2026-26171",
      "product_status": {
        "known_affected": [
          "432556",
          "67646",
          "432557",
          "T052777",
          "T052756",
          "T052778",
          "T052775",
          "T052776",
          "T004914",
          "T051615",
          "T051616",
          "T052749",
          "1809886",
          "T047075",
          "T017180",
          "T017181",
          "T017182",
          "T017183",
          "T052786",
          "T052787",
          "T032255",
          "74185",
          "834793",
          "1273212",
          "T000126",
          "T047078",
          "T047076",
          "T047077"
        ]
      },
      "release_date": "2026-04-14T22:00:00.000+00:00",
      "title": "CVE-2026-26171"
    },
    {
      "cve": "CVE-2026-32178",
      "product_status": {
        "known_affected": [
          "432556",
          "67646",
          "432557",
          "T052777",
          "T052756",
          "T052778",
          "T052775",
          "T052776",
          "T004914",
          "T051615",
          "T051616",
          "T052749",
          "1809886",
          "T047075",
          "T017180",
          "T017181",
          "T017182",
          "T017183",
          "T052786",
          "T052787",
          "T032255",
          "74185",
          "834793",
          "1273212",
          "T000126",
          "T047078",
          "T047076",
          "T047077"
        ]
      },
      "release_date": "2026-04-14T22:00:00.000+00:00",
      "title": "CVE-2026-32178"
    },
    {
      "cve": "CVE-2026-32203",
      "product_status": {
        "known_affected": [
          "432556",
          "67646",
          "432557",
          "T052777",
          "T052756",
          "T052778",
          "T052775",
          "T052776",
          "T004914",
          "T051615",
          "T051616",
          "T052749",
          "1809886",
          "T047075",
          "T017180",
          "T017181",
          "T017182",
          "T017183",
          "T052786",
          "T052787",
          "T032255",
          "74185",
          "834793",
          "1273212",
          "T000126",
          "T047078",
          "T047076",
          "T047077"
        ]
      },
      "release_date": "2026-04-14T22:00:00.000+00:00",
      "title": "CVE-2026-32203"
    },
    {
      "cve": "CVE-2026-32226",
      "product_status": {
        "known_affected": [
          "432556",
          "67646",
          "432557",
          "T052777",
          "T052756",
          "T052778",
          "T052775",
          "T052776",
          "T004914",
          "T051615",
          "T051616",
          "T052749",
          "1809886",
          "T047075",
          "T017180",
          "T017181",
          "T017182",
          "T017183",
          "T052786",
          "T052787",
          "T032255",
          "74185",
          "834793",
          "1273212",
          "T000126",
          "T047078",
          "T047076",
          "T047077"
        ]
      },
      "release_date": "2026-04-14T22:00:00.000+00:00",
      "title": "CVE-2026-32226"
    },
    {
      "cve": "CVE-2026-32631",
      "product_status": {
        "known_affected": [
          "432556",
          "67646",
          "432557",
          "T052777",
          "T052756",
          "T052778",
          "T052775",
          "T052776",
          "T004914",
          "T051615",
          "T051616",
          "T052749",
          "1809886",
          "T047075",
          "T017180",
          "T017181",
          "T017182",
          "T017183",
          "T052786",
          "T052787",
          "T032255",
          "74185",
          "834793",
          "1273212",
          "T000126",
          "T047078",
          "T047076",
          "T047077"
        ]
      },
      "release_date": "2026-04-14T22:00:00.000+00:00",
      "title": "CVE-2026-32631"
    },
    {
      "cve": "CVE-2026-33116",
      "product_status": {
        "known_affected": [
          "432556",
          "67646",
          "432557",
          "T052777",
          "T052756",
          "T052778",
          "T052775",
          "T052776",
          "T004914",
          "T051615",
          "T051616",
          "T052749",
          "1809886",
          "T047075",
          "T017180",
          "T017181",
          "T017182",
          "T017183",
          "T052786",
          "T052787",
          "T032255",
          "74185",
          "834793",
          "1273212",
          "T000126",
          "T047078",
          "T047076",
          "T047077"
        ]
      },
      "release_date": "2026-04-14T22:00:00.000+00:00",
      "title": "CVE-2026-33116"
    }
  ]
}

CVE-2026-21637 (GCVE-0-2026-21637)

Vulnerability from cvelistv5 – Published: 2026-01-20 20:41 – Updated: 2026-01-21 20:22

Summary

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.

Severity

5.9 (Medium)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

hackerone

References

1 reference

URL	Tags
https://nodejs.org/en/blog/vulnerability/december…

Impacted products

1 product

Vendor	Product	Version
nodejs	node	Affected: 20.19.6 , ≤ 20.19.6 (semver) Affected: 22.21.1 , ≤ 22.21.1 (semver) Affected: 24.12.0 , ≤ 24.12.0 (semver) Affected: 25.2.1 , ≤ 25.2.1 (semver) Affected: 4.0 , < 4.* (semver) Affected: 5.0 , < 5.* (semver) Affected: 6.0 , < 6.* (semver) Affected: 7.0 , < 7.* (semver) Affected: 8.0 , < 8.* (semver) Affected: 9.0 , < 9.* (semver) Affected: 10.0 , < 10.* (semver) Affected: 11.0 , < 11.* (semver) Affected: 12.0 , < 12.* (semver) Affected: 13.0 , < 13.* (semver) Affected: 14.0 , < 14.* (semver) Affected: 15.0 , < 15.* (semver) Affected: 16.0 , < 16.* (semver) Affected: 17.0 , < 17.* (semver) Affected: 18.0 , < 18.* (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21637",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-21T20:22:28.525038Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-21T20:22:51.033Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "node",
          "vendor": "nodejs",
          "versions": [
            {
              "lessThanOrEqual": "20.19.6",
              "status": "affected",
              "version": "20.19.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "22.21.1",
              "status": "affected",
              "version": "22.21.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "24.12.0",
              "status": "affected",
              "version": "24.12.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "25.2.1",
              "status": "affected",
              "version": "25.2.1",
              "versionType": "semver"
            },
            {
              "lessThan": "4.*",
              "status": "affected",
              "version": "4.0",
              "versionType": "semver"
            },
            {
              "lessThan": "5.*",
              "status": "affected",
              "version": "5.0",
              "versionType": "semver"
            },
            {
              "lessThan": "6.*",
              "status": "affected",
              "version": "6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "7.*",
              "status": "affected",
              "version": "7.0",
              "versionType": "semver"
            },
            {
              "lessThan": "8.*",
              "status": "affected",
              "version": "8.0",
              "versionType": "semver"
            },
            {
              "lessThan": "9.*",
              "status": "affected",
              "version": "9.0",
              "versionType": "semver"
            },
            {
              "lessThan": "10.*",
              "status": "affected",
              "version": "10.0",
              "versionType": "semver"
            },
            {
              "lessThan": "11.*",
              "status": "affected",
              "version": "11.0",
              "versionType": "semver"
            },
            {
              "lessThan": "12.*",
              "status": "affected",
              "version": "12.0",
              "versionType": "semver"
            },
            {
              "lessThan": "13.*",
              "status": "affected",
              "version": "13.0",
              "versionType": "semver"
            },
            {
              "lessThan": "14.*",
              "status": "affected",
              "version": "14.0",
              "versionType": "semver"
            },
            {
              "lessThan": "15.*",
              "status": "affected",
              "version": "15.0",
              "versionType": "semver"
            },
            {
              "lessThan": "16.*",
              "status": "affected",
              "version": "16.0",
              "versionType": "semver"
            },
            {
              "lessThan": "17.*",
              "status": "affected",
              "version": "17.0",
              "versionType": "semver"
            },
            {
              "lessThan": "18.*",
              "status": "affected",
              "version": "18.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-20T20:41:55.352Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2026-21637",
    "datePublished": "2026-01-20T20:41:55.352Z",
    "dateReserved": "2026-01-01T15:00:02.339Z",
    "dateUpdated": "2026-01-21T20:22:51.033Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-23653 (GCVE-0-2026-23653)

Vulnerability from cvelistv5 – Published: 2026-04-14 16:56 – Updated: 2026-06-01 19:11

Title

GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability

Summary

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network.

Severity

5.7 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

1 product

Vendor	Product	Version
Microsoft	Microsoft Visual Studio Code CoPilot Chat Extension	Affected: 0.27.0 , < 0.37.3 (custom)

Date Public

2026-04-14 14:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-23653",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-14T19:30:08.108370Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-14T19:37:42.942Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Visual Studio Code CoPilot Chat Extension",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "0.37.3",
              "status": "affected",
              "version": "0.27.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_code_copilot_chat_extension:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "0.37.3",
                  "versionStartIncluding": "0.27.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-04-14T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Improper neutralization of special elements used in a command (\u0027command injection\u0027) in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-01T19:11:54.542Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23653"
        }
      ],
      "title": "GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-23653",
    "datePublished": "2026-04-14T16:56:53.499Z",
    "dateReserved": "2026-01-14T16:59:33.462Z",
    "dateUpdated": "2026-06-01T19:11:54.542Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-23666 (GCVE-0-2026-23666)

Vulnerability from cvelistv5 – Published: 2026-04-14 16:57 – Updated: 2026-06-01 19:12

Title

.NET Framework Denial of Service Vulnerability

Summary

Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-755 - Improper Handling of Exceptional Conditions

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

6 products

Vendor	Product	Version
Microsoft	Microsoft .NET Framework 3.5	Affected: 3.5.0 , < 2.0.50727.8982 & 3.0.30729.8976 (custom)
Microsoft	Microsoft .NET Framework 3.5 AND 4.7.2	Affected: 4.7.0 , < 2.0.50727.9068 & 3.0.30729.9065 & 4.7.4141.0 (custom)
Microsoft	Microsoft .NET Framework 3.5 AND 4.8	Affected: 4.8.0 , < 2.0.50727.9068 & 3.0.30729.9065 & 4.8.4801.0 (custom)
Microsoft	Microsoft .NET Framework 3.5 AND 4.8.1	Affected: 4.8.1 , < 2.0.50727.9181 & 3.0.30729.9165 & 4.8.9332.0 (custom)
Microsoft	Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2	Affected: 4.7.0 , < 4.8.4801.0 (custom)
Microsoft	Microsoft .NET Framework 4.8	Affected: 4.8.0 , < 4.8.4801.0 (custom)

Date Public

2026-04-14 14:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-23666",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-15T13:40:59.739058Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-15T13:41:08.655Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Windows Server 2012",
            "Windows Server 2012 (Server Core installation)",
            "Windows Server 2012 R2",
            "Windows Server 2012 R2 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 3.5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "2.0.50727.8982 \u0026 3.0.30729.8976",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows 10 Version 1809 for 32-bit Systems",
            "Windows 10 Version 1809 for ARM64-based Systems",
            "Windows 10 Version 1809 for x64-based Systems"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "2.0.50727.9068 \u0026 3.0.30729.9065 \u0026 4.7.4141.0",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows 10 Version 1809 for 32-bit Systems",
            "Windows 10 Version 1809 for ARM64-based Systems",
            "Windows 10 Version 1809 for x64-based Systems",
            "Windows 10 Version 21H2 for 32-bit Systems",
            "Windows 10 Version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for x64-based Systems",
            "Windows 10 Version 22H2 for 32-bit Systems",
            "Windows 10 Version 22H2 for ARM64-based Systems",
            "Windows 10 Version 22H2 for x64-based Systems",
            "Windows Server 2022",
            "Windows Server 2022 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "2.0.50727.9068 \u0026 3.0.30729.9065 \u0026 4.8.4801.0",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows 10 Version 21H2 for 32-bit Systems",
            "Windows 10 Version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for x64-based Systems",
            "Windows 10 Version 22H2 for 32-bit Systems",
            "Windows 10 Version 22H2 for ARM64-based Systems",
            "Windows 10 Version 22H2 for x64-based Systems",
            "Windows 11 Version 22H2 for ARM64-based Systems",
            "Windows 11 Version 22H2 for x64-based Systems",
            "Windows 11 Version 23H2 for ARM64-based Systems",
            "Windows 11 Version 23H2 for x64-based Systems",
            "Windows 11 Version 24H2 for ARM64-based Systems",
            "Windows 11 Version 24H2 for x64-based Systems",
            "Windows 11 Version 25H2 for ARM64-based Systems",
            "Windows 11 Version 25H2 for x64-based Systems",
            "Windows 11 Version 26H1 for ARM64-based Systems",
            "Windows 11 version 26H1 for x64-based Systems",
            "Windows Server 2022",
            "Windows Server 2022 (Server Core installation)",
            "Windows Server 2022, 23H2 Edition (Server Core installation)",
            "Windows Server 2025",
            "Windows Server 2025 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "status": "affected",
              "version": "4.8.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows Server 2012",
            "Windows Server 2012 (Server Core installation)",
            "Windows Server 2012 R2",
            "Windows Server 2012 R2 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.4801.0",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows 10 Version 1607 for 32-bit Systems",
            "Windows 10 Version 1607 for x64-based Systems",
            "Windows Server 2012",
            "Windows Server 2012 (Server Core installation)",
            "Windows Server 2012 R2",
            "Windows Server 2012 R2 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 4.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.4801.0",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.8.4801.0",
                  "versionStartIncluding": "4.8.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.0.50727.9068 \u0026 3.0.30729.9065 \u0026 4.8.4801.0",
                  "versionStartIncluding": "4.8.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.0.50727.9068 \u0026 3.0.30729.9065 \u0026 4.7.4141.0",
                  "versionStartIncluding": "4.7.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.8.4801.0",
                  "versionStartIncluding": "4.7.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
                  "versionStartIncluding": "4.8.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.0.50727.8982 \u0026 3.0.30729.8976",
                  "versionStartIncluding": "3.5.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-04-14T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-755",
              "description": "CWE-755: Improper Handling of Exceptional Conditions",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-01T19:12:50.080Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": ".NET Framework Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23666"
        }
      ],
      "title": ".NET Framework Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-23666",
    "datePublished": "2026-04-14T16:57:53.069Z",
    "dateReserved": "2026-01-14T16:59:33.464Z",
    "dateUpdated": "2026-06-01T19:12:50.080Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-26143 (GCVE-0-2026-26143)

Vulnerability from cvelistv5 – Published: 2026-04-14 16:57 – Updated: 2026-06-01 19:12

Title

Microsoft PowerShell Security Feature Bypass Vulnerability

Summary

Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-20 - Improper Input Validation

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

2 products

Vendor	Product	Version
Microsoft	PowerShell 7.4	Affected: 7.4.0 , < 7.4.14 (custom)
Microsoft	PowerShell 7.5	Affected: 7.5.0 , < 7.5.5 (custom)

Date Public

2026-04-14 14:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-26143",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-16T13:24:29.195623Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-16T13:26:39.733Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PowerShell 7.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.4.14",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "PowerShell 7.5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.5.5",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                  "versionEndExcluding": "7.5.5",
                  "versionStartIncluding": "7.5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                  "versionEndExcluding": "7.4.14",
                  "versionStartIncluding": "7.4.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-04-14T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-01T19:12:50.697Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft PowerShell Security Feature Bypass Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26143"
        }
      ],
      "title": "Microsoft PowerShell Security Feature Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-26143",
    "datePublished": "2026-04-14T16:57:53.686Z",
    "dateReserved": "2026-02-11T16:24:51.134Z",
    "dateUpdated": "2026-06-01T19:12:50.697Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-26171 (GCVE-0-2026-26171)

Vulnerability from cvelistv5 – Published: 2026-04-14 16:58 – Updated: 2026-06-01 19:13

Title

.NET Denial of Service Vulnerability

Summary

Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-400 - Uncontrolled Resource Consumption
CWE-611 - Improper Restriction of XML External Entity Reference

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

5 products

Vendor	Product	Version
Microsoft	.NET 10.0	Affected: 10.0.0 , < 10.0.6 (custom)
Microsoft	.NET 8.0	Affected: 8.0.0 , < 8.0.26 (custom)
Microsoft	.NET 9.0	Affected: 9.0.0 , < 9.0.15 (custom)
Microsoft	PowerShell 7.5	Affected: 7.5.0 , < 7.5.6 (custom)
Microsoft	PowerShell 7.6	Affected: 7.6.0 , < 7.6.1 (custom)

Date Public

2026-04-14 14:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-26171",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-14T18:53:29.483401Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-14T18:53:37.106Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": ".NET 10.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.6",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": ".NET 8.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "8.0.26",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": ".NET 9.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "9.0.15",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "PowerShell 7.5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.5.6",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "PowerShell 7.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.6.1",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                  "versionEndExcluding": "7.5.6",
                  "versionStartIncluding": "7.5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.6",
                  "versionStartIncluding": "10.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "8.0.26",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "9.0.15",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                  "versionEndExcluding": "7.6.1",
                  "versionStartIncluding": "7.6.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-04-14T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en-US",
              "type": "CWE"
            },
            {
              "cweId": "CWE-611",
              "description": "CWE-611: Improper Restriction of XML External Entity Reference",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-01T19:13:26.402Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": ".NET Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26171"
        }
      ],
      "title": ".NET Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-26171",
    "datePublished": "2026-04-14T16:58:37.655Z",
    "dateReserved": "2026-02-11T18:33:57.776Z",
    "dateUpdated": "2026-06-01T19:13:26.402Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-32178 (GCVE-0-2026-32178)

Vulnerability from cvelistv5 – Published: 2026-04-14 16:57 – Updated: 2026-06-01 19:12

Title

.NET Spoofing Vulnerability

Summary

Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-138 - Improper Neutralization of Special Elements

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

6 products

Vendor	Product	Version
Microsoft	.NET 10.0	Affected: 10.0.0 , < 10.0.6 (custom)
Microsoft	.NET 8.0	Affected: 8.0 , < 8.0.26 (custom)
Microsoft	.NET 8.0	Affected: 8.0.0 , < 8.0.26 (custom)
Microsoft	.NET 9.0	Affected: 9.0.0 , < 9.0.15 (custom)
Microsoft	Microsoft Visual Studio 2022 version 17.12	Affected: 17.12.0 , < 17.12.19 (custom)
Microsoft	Microsoft Visual Studio 2022 version 17.14	Affected: 17.14.0 , < 17.14.30 (custom)

Date Public

2026-04-14 14:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-32178",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-15T10:40:37.117716Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-15T10:43:57.251Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": ".NET 10.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.6",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": ".NET 8.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "8.0.26",
              "status": "affected",
              "version": "8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": ".NET 8.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "8.0.26",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": ".NET 9.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "9.0.15",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2022 version 17.12",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.12.19",
              "status": "affected",
              "version": "17.12.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2022 version 17.14",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.14.30",
              "status": "affected",
              "version": "17.14.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.12.19",
                  "versionStartIncluding": "17.12.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.14.30",
                  "versionStartIncluding": "17.14.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.6",
                  "versionStartIncluding": "10.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "8.0.26",
                  "versionStartIncluding": "8.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "8.0.26",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "9.0.15",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-04-14T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-138",
              "description": "CWE-138: Improper Neutralization of Special Elements",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-01T19:12:31.466Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": ".NET Spoofing Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32178"
        }
      ],
      "title": ".NET Spoofing Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-32178",
    "datePublished": "2026-04-14T16:57:31.355Z",
    "dateReserved": "2026-03-11T00:26:53.425Z",
    "dateUpdated": "2026-06-01T19:12:31.466Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-32203 (GCVE-0-2026-32203)

Vulnerability from cvelistv5 – Published: 2026-04-14 16:58 – Updated: 2026-06-01 19:13

Title

.NET and Visual Studio Denial of Service Vulnerability

Summary

Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-121 - Stack-based Buffer Overflow
CWE-20 - Improper Input Validation

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

6 products

Vendor	Product	Version
Microsoft	.NET 10.0	Affected: 10.0.0 , < 10.0.6 (custom)
Microsoft	.NET 8.0	Affected: 8.0.0 , < 8.0.26 (custom)
Microsoft	.NET 9.0	Affected: 9.0.0 , < 9.0.15 (custom)
Microsoft	Microsoft Visual Studio 2022 version 17.12	Affected: 17.12.0 , < 17.12.19 (custom)
Microsoft	Microsoft Visual Studio 2022 version 17.14	Affected: 17.14.0 , < 17.14.30 (custom)
Microsoft	Microsoft Visual Studio 2026 version 18.4	Affected: 18.4.0 , < 18.4.4 (custom)

Date Public

2026-04-14 14:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-32203",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-15T10:41:37.792331Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-15T10:43:56.726Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": ".NET 10.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.6",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": ".NET 8.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "8.0.26",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": ".NET 9.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "9.0.15",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2022 version 17.12",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.12.19",
              "status": "affected",
              "version": "17.12.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2022 version 17.14",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.14.30",
              "status": "affected",
              "version": "17.14.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2026 version 18.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.4.4",
              "status": "affected",
              "version": "18.4.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "18.4.4",
                  "versionStartIncluding": "18.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.12.19",
                  "versionStartIncluding": "17.12.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.14.30",
                  "versionStartIncluding": "17.14.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.6",
                  "versionStartIncluding": "10.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "8.0.26",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "9.0.15",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-04-14T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            },
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-01T19:13:26.973Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": ".NET and Visual Studio Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32203"
        }
      ],
      "title": ".NET and Visual Studio Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-32203",
    "datePublished": "2026-04-14T16:58:38.178Z",
    "dateReserved": "2026-03-11T01:49:58.658Z",
    "dateUpdated": "2026-06-01T19:13:26.973Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-32226 (GCVE-0-2026-32226)

Vulnerability from cvelistv5 – Published: 2026-04-14 16:57 – Updated: 2026-06-01 19:13

Title

.NET Framework Denial of Service Vulnerability

Summary

Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.

Severity

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

8 products

Vendor	Product	Version
Microsoft	Microsoft .NET Framework 3.5	Affected: 3.5.0 , < 2.0.50727.8982 & 3.0.30729.8976 (custom)
Microsoft	Microsoft .NET Framework 3.5 AND 4.7.2	Affected: 4.7.0 , < 2.0.50727.9068 & 3.0.30729.9065 & 4.7.4141.0 (custom)
Microsoft	Microsoft .NET Framework 3.5 AND 4.8	Affected: 4.8.0 , < 2.0.50727.9068 & 3.0.30729.9065 & 4.8.4801.0 (custom)
Microsoft	Microsoft .NET Framework 3.5 AND 4.8.1	Affected: 4.8.1 , < 2.0.50727.9181 & 3.0.30729.9165 & 4.8.9332.0 (custom)
Microsoft	Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2	Affected: 4.7.0 , < 4.8.4801.0 (custom)
Microsoft	Microsoft .NET Framework 4.7.2	Affected: 10.0.0.0 , < 2.0.50727.9068 & 3.0.30729.9065 & 4.7.4141.0 (custom)
Microsoft	Microsoft .NET Framework 4.8	Affected: 4.8.0 , < 2.0.50727.9181 & 3.0.30729.9165 & 4.8.4801.0 (custom)
Microsoft	Microsoft .NET Framework 4.8.1	Affected: 4.8.0.0 , < 2.0.50727.9181 & 3.0.30729.9165 & 4.8.9332.0 (custom)

Date Public

2026-04-14 14:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-32226",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-14T19:03:36.736622Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-14T19:20:32.328Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Windows Server 2012",
            "Windows Server 2012 (Server Core installation)",
            "Windows Server 2012 R2",
            "Windows Server 2012 R2 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 3.5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "2.0.50727.8982 \u0026 3.0.30729.8976",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows 10 Version 1809 for 32-bit Systems",
            "Windows 10 Version 1809 for ARM64-based Systems",
            "Windows 10 Version 1809 for x64-based Systems"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "2.0.50727.9068 \u0026 3.0.30729.9065 \u0026 4.7.4141.0",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows 10 Version 1809 for 32-bit Systems",
            "Windows 10 Version 1809 for ARM64-based Systems",
            "Windows 10 Version 1809 for x64-based Systems",
            "Windows 10 Version 21H2 for 32-bit Systems",
            "Windows 10 Version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for x64-based Systems",
            "Windows 10 Version 22H2 for 32-bit Systems",
            "Windows 10 Version 22H2 for ARM64-based Systems",
            "Windows 10 Version 22H2 for x64-based Systems",
            "Windows 11 version 21H2 for x64-based Systems",
            "Windows Server 2022",
            "Windows Server 2022 (Server Core installation)",
            "Windows Server, version 20H2 (Server Core Installation)"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "2.0.50727.9068 \u0026 3.0.30729.9065 \u0026 4.8.4801.0",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows 10 Version 21H2 for 32-bit Systems",
            "Windows 10 Version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for x64-based Systems",
            "Windows 10 Version 22H2 for 32-bit Systems",
            "Windows 10 Version 22H2 for ARM64-based Systems",
            "Windows 10 Version 22H2 for x64-based Systems",
            "Windows 11 Version 22H2 for ARM64-based Systems",
            "Windows 11 Version 22H2 for x64-based Systems",
            "Windows 11 Version 23H2 for ARM64-based Systems",
            "Windows 11 Version 23H2 for x64-based Systems",
            "Windows 11 Version 24H2 for ARM64-based Systems",
            "Windows 11 Version 24H2 for x64-based Systems",
            "Windows 11 Version 25H2 for ARM64-based Systems",
            "Windows 11 Version 25H2 for x64-based Systems",
            "Windows 11 Version 26H1 for ARM64-based Systems",
            "Windows 11 version 26H1 for x64-based Systems",
            "Windows Server 2022",
            "Windows Server 2022 (Server Core installation)",
            "Windows Server 2022, 23H2 Edition (Server Core installation)",
            "Windows Server 2025",
            "Windows Server 2025 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "status": "affected",
              "version": "4.8.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows Server 2012",
            "Windows Server 2012 (Server Core installation)",
            "Windows Server 2012 R2",
            "Windows Server 2012 R2 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.4801.0",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows 10 Version 1809 for 32-bit Systems",
            "Windows 10 Version 1809 for ARM64-based Systems",
            "Windows 10 Version 1809 for x64-based Systems"
          ],
          "product": "Microsoft .NET Framework 4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "2.0.50727.9068 \u0026 3.0.30729.9065 \u0026 4.7.4141.0",
              "status": "affected",
              "version": "10.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows 10 Version 1607 for x64-based Systems",
            "Windows 10 Version 22H2 for x64-based Systems",
            "Windows 11 Version 22H2 for x64-based Systems",
            "Windows Server 2012 (Server Core installation)",
            "Windows Server 2012 R2",
            "Windows Server 2012 R2 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 4.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows Server 2022 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 4.8.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "status": "affected",
              "version": "4.8.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
                  "versionStartIncluding": "4.8.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.0.50727.9068 \u0026 3.0.30729.9065 \u0026 4.8.4801.0",
                  "versionStartIncluding": "4.8.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.0.50727.9068 \u0026 3.0.30729.9065 \u0026 4.7.4141.0",
                  "versionStartIncluding": "4.7.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.0.50727.9068 \u0026 3.0.30729.9065 \u0026 4.7.4141.0",
                  "versionStartIncluding": "10.0.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
                  "versionStartIncluding": "4.8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
                  "versionStartIncluding": "4.8.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.0.50727.8982 \u0026 3.0.30729.8976",
                  "versionStartIncluding": "3.5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.8.4801.0",
                  "versionStartIncluding": "4.7.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-04-14T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Concurrent execution using shared resource with improper synchronization (\u0027race condition\u0027) in .NET Framework allows an unauthorized attacker to deny service over a network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-01T19:13:43.279Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": ".NET Framework Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32226"
        }
      ],
      "title": ".NET Framework Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-32226",
    "datePublished": "2026-04-14T16:57:44.474Z",
    "dateReserved": "2026-03-11T01:49:58.662Z",
    "dateUpdated": "2026-06-01T19:13:43.279Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-32631 (GCVE-0-2026-32631)

Vulnerability from cvelistv5 – Published: 2026-04-15 17:26 – Updated: 2026-04-15 18:44

Title

Git for Windows: `git clone` from manipulated repositories can leak NTLM hashes to arbitrary servers

Summary

Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by tricking users into cloning a malicious repository, or checking out a malicious branch, that accesses an attacker-controlled server. By default, NTLM authentication does not need any user interaction. By brute-forcing the NTLMv2 hash (which is expensive, but possible), credentials can be extracted. This issue has been fixed in version 2.53.0.windows.3.

Severity

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Assigner

GitHub_M

References

5 references

URL	Tags
https://github.com/git-for-windows/git/security/a…	x_refsource_CONFIRM
https://github.com/git-for-windows/git/releases/t…	x_refsource_MISC
https://learn.microsoft.com/en-au/windows/whats-n…	x_refsource_MISC
https://support.microsoft.com/en-us/topic/upcomin…	x_refsource_MISC
https://techcommunity.microsoft.com/blog/windows-…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
git-for-windows	git	Affected: < 2.53.0.windows.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-32631",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-15T18:43:55.597018Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-15T18:44:04.155Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "git",
          "vendor": "git-for-windows",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.53.0.windows.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user\u0027s NTLM hash. The NTLM hash can be obtained by tricking users into cloning a malicious repository, or checking out a malicious branch, that accesses an attacker-controlled server. By default, NTLM authentication does not need any user interaction. By brute-forcing the NTLMv2 hash (which is expensive, but possible), credentials can be extracted. This issue has been fixed in version 2.53.0.windows.3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-15T17:26:44.154Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/git-for-windows/git/security/advisories/GHSA-9j5h-h4m7-85hx",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/git-for-windows/git/security/advisories/GHSA-9j5h-h4m7-85hx"
        },
        {
          "name": "https://github.com/git-for-windows/git/releases/tag/v2.53.0.windows.3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/git-for-windows/git/releases/tag/v2.53.0.windows.3"
        },
        {
          "name": "https://learn.microsoft.com/en-au/windows/whats-new/deprecated-features#:~:text=NTLM",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://learn.microsoft.com/en-au/windows/whats-new/deprecated-features#:~:text=NTLM"
        },
        {
          "name": "https://support.microsoft.com/en-us/topic/upcoming-changes-to-ntlmv1-in-windows-11-version-24h2-and-windows-server-2025-c0554217-cdbc-420f-b47c-e02b2db49b2e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.microsoft.com/en-us/topic/upcoming-changes-to-ntlmv1-in-windows-11-version-24h2-and-windows-server-2025-c0554217-cdbc-420f-b47c-e02b2db49b2e"
        },
        {
          "name": "https://techcommunity.microsoft.com/blog/windows-itpro-blog/the-evolution-of-windows-authentication/3926848",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://techcommunity.microsoft.com/blog/windows-itpro-blog/the-evolution-of-windows-authentication/3926848"
        }
      ],
      "source": {
        "advisory": "GHSA-9j5h-h4m7-85hx",
        "discovery": "UNKNOWN"
      },
      "title": "Git for Windows: `git clone` from manipulated repositories can leak NTLM hashes to arbitrary servers"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-32631",
    "datePublished": "2026-04-15T17:26:44.154Z",
    "dateReserved": "2026-03-12T15:29:36.559Z",
    "dateUpdated": "2026-04-15T18:44:04.155Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33116 (GCVE-0-2026-33116)

Vulnerability from cvelistv5 – Published: 2026-04-14 16:57 – Updated: 2026-06-01 19:12

Title

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

Summary

Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-400 - Uncontrolled Resource Consumption
CWE-20 - Improper Input Validation

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

10 products

Vendor	Product	Version
Microsoft	.NET 10.0	Affected: 10.0.0 , < 10.0.6 (custom)
Microsoft	.NET 8.0	Affected: 8.0 , < 8.0.26 (custom)
Microsoft	.NET 8.0	Affected: 8.0.0 , < 8.0.26 (custom)
Microsoft	.NET 9.0	Affected: 9.0.0 , < 9.0.15 (custom)
Microsoft	Microsoft .NET Framework 3.5	Affected: 3.5.0 , < 2.0.50727.8982 & 3.0.30729.8976 (custom)
Microsoft	Microsoft .NET Framework 3.5 AND 4.7.2	Affected: 4.7.0 , < 2.0.50727.9068 & 3.0.30729.9065 & 4.7.4141.0 (custom)
Microsoft	Microsoft .NET Framework 3.5 AND 4.8	Affected: 4.8.0 , < 2.0.50727.9068 & 3.0.30729.9065 & 4.8.4801.0 (custom)
Microsoft	Microsoft .NET Framework 3.5 AND 4.8.1	Affected: 4.8.1 , < 2.0.50727.9181 & 3.0.30729.9165 & 4.8.9332.0 (custom)
Microsoft	Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2	Affected: 4.7.0 , < 4.8.4801.0 (custom)
Microsoft	Microsoft .NET Framework 4.8	Affected: 4.8.0 , < 4.8.4801.0 (custom)

Date Public

2026-04-14 14:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33116",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-14T19:48:26.946135Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-14T19:48:35.606Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": ".NET 10.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.6",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": ".NET 8.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "8.0.26",
              "status": "affected",
              "version": "8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": ".NET 8.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "8.0.26",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": ".NET 9.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "9.0.15",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows Server 2012",
            "Windows Server 2012 (Server Core installation)",
            "Windows Server 2012 R2",
            "Windows Server 2012 R2 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 3.5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "2.0.50727.8982 \u0026 3.0.30729.8976",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows 10 Version 1809 for 32-bit Systems",
            "Windows 10 Version 1809 for ARM64-based Systems",
            "Windows 10 Version 1809 for x64-based Systems"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "2.0.50727.9068 \u0026 3.0.30729.9065 \u0026 4.7.4141.0",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows 10 Version 1809 for 32-bit Systems",
            "Windows 10 Version 1809 for ARM64-based Systems",
            "Windows 10 Version 1809 for x64-based Systems",
            "Windows 10 Version 21H2 for 32-bit Systems",
            "Windows 10 Version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for x64-based Systems",
            "Windows 10 Version 22H2 for 32-bit Systems",
            "Windows 10 Version 22H2 for ARM64-based Systems",
            "Windows 10 Version 22H2 for x64-based Systems",
            "Windows Server 2022",
            "Windows Server 2022 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "2.0.50727.9068 \u0026 3.0.30729.9065 \u0026 4.8.4801.0",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows 10 Version 21H2 for 32-bit Systems",
            "Windows 10 Version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for x64-based Systems",
            "Windows 10 Version 22H2 for 32-bit Systems",
            "Windows 10 Version 22H2 for ARM64-based Systems",
            "Windows 10 Version 22H2 for x64-based Systems",
            "Windows 11 Version 22H2 for ARM64-based Systems",
            "Windows 11 Version 22H2 for x64-based Systems",
            "Windows 11 Version 23H2 for ARM64-based Systems",
            "Windows 11 Version 23H2 for x64-based Systems",
            "Windows 11 Version 24H2 for ARM64-based Systems",
            "Windows 11 Version 24H2 for x64-based Systems",
            "Windows 11 Version 25H2 for ARM64-based Systems",
            "Windows 11 Version 25H2 for x64-based Systems",
            "Windows 11 Version 26H1 for ARM64-based Systems",
            "Windows 11 Version 26H1 for x64-based Systems",
            "Windows Server 2022",
            "Windows Server 2022 (Server Core installation)",
            "Windows Server 2022, 23H2 Edition (Server Core installation)",
            "Windows Server 2025",
            "Windows Server 2025 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "status": "affected",
              "version": "4.8.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows Server 2012",
            "Windows Server 2012 (Server Core installation)",
            "Windows Server 2012 R2",
            "Windows Server 2012 R2 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.4801.0",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows 10 Version 1607 for 32-bit Systems",
            "Windows 10 Version 1607 for x64-based Systems",
            "Windows Server 2012",
            "Windows Server 2012 (Server Core installation)",
            "Windows Server 2012 R2",
            "Windows Server 2012 R2 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 4.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.4801.0",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.6",
                  "versionStartIncluding": "10.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "8.0.26",
                  "versionStartIncluding": "8.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "8.0.26",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "9.0.15",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.8.4801.0",
                  "versionStartIncluding": "4.8.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.0.50727.9068 \u0026 3.0.30729.9065 \u0026 4.8.4801.0",
                  "versionStartIncluding": "4.8.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.0.50727.9068 \u0026 3.0.30729.9065 \u0026 4.7.4141.0",
                  "versionStartIncluding": "4.7.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.8.4801.0",
                  "versionStartIncluding": "4.7.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
                  "versionStartIncluding": "4.8.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.0.50727.8982 \u0026 3.0.30729.8976",
                  "versionStartIncluding": "3.5.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-04-14T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Loop with unreachable exit condition (\u0027infinite loop\u0027) in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-835",
              "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
              "lang": "en-US",
              "type": "CWE"
            },
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en-US",
              "type": "CWE"
            },
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-01T19:12:43.594Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33116"
        }
      ],
      "title": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-33116",
    "datePublished": "2026-04-14T16:57:47.626Z",
    "dateReserved": "2026-03-17T20:15:23.721Z",
    "dateUpdated": "2026-06-01T19:12:43.594Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-1100

CVE-2026-21637 (GCVE-0-2026-21637)

CVE-2026-23653 (GCVE-0-2026-23653)

CVE-2026-23666 (GCVE-0-2026-23666)

CVE-2026-26143 (GCVE-0-2026-26143)

CVE-2026-26171 (GCVE-0-2026-26171)

CVE-2026-32178 (GCVE-0-2026-32178)

CVE-2026-32203 (GCVE-0-2026-32203)

CVE-2026-32226 (GCVE-0-2026-32226)

CVE-2026-32631 (GCVE-0-2026-32631)

CVE-2026-33116 (GCVE-0-2026-33116)

Tags

Sightings

Nomenclature