CVE-2026-32175 PUBLISHED

.NET Core Tampering Vulnerability

Assigner: microsoft
Reserved: 11.03.2026 Published: 12.05.2026 Updated: 12.05.2026

A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system. The security update fixes the vulnerability by ensuring .NET Core properly handles files.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C
CVSS Score: 4.3

Product Status

Vendor Microsoft
Product .NET 10.0
Versions
  • affected from 10.0.0 to 10.0.8 (excl.)
Vendor Microsoft
Product .NET 8.0
Versions
  • affected from 8.0.0 to 8.0.27 (excl.)
Vendor Microsoft
Product .NET 9.0
Versions
  • affected from 9.0.0 to 9.0.16 (excl.)
Vendor Microsoft
Product Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Versions
  • affected from 15.9.0 to 15.9.80 (excl.)
Vendor Microsoft
Product Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Versions
  • affected from 16.11.0 to 16.11.56 (excl.)
Vendor Microsoft
Product Microsoft Visual Studio 2022 version 17.12
Versions
  • affected from 17.12.0 to 17.12.20 (excl.)
Vendor Microsoft
Product Microsoft Visual Studio 2022 version 17.14
Versions
  • affected from 17.14.0 to 17.14.31 (excl.)
Vendor Microsoft
Product Microsoft Visual Studio 2026 version 18.5
Versions
  • affected from 18.5.0 to 18.5.3 (excl.)

References

Problem Types