CVE-2026-32175

Medienbericht

EPSS 0.08%
Veröffentlicht 12.05.2026 16:59:01
Zuletzt bearbeitet 13.05.2026 15:34:52
Quelle secure@microsoft.com
CVE-Watchlists
Login
Unerledigt
Login

.NET Core Tampering Vulnerability

A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories.
To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system.
The security update fixes the vulnerability by ensuring .NET Core properly handles files.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

CNA 8 VulnDex Vulnerability Enrichment 5

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerMicrosoft

≫

Produkt .NET 10.0

Version 10.0.0

Version < 10.0.8

Status affected

HerstellerMicrosoft

≫

Produkt .NET 8.0

Version 8.0.0

Version < 8.0.27

Status affected

HerstellerMicrosoft

≫

Produkt .NET 9.0

Version 9.0.0

Version < 9.0.16

Status affected

HerstellerMicrosoft

≫

Produkt Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)

Version 15.9.0

Version < 15.9.80

Status affected

HerstellerMicrosoft

≫

Produkt Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)

Version 16.11.0

Version < 16.11.56

Status affected

HerstellerMicrosoft

≫

Produkt Microsoft Visual Studio 2022 version 17.12

Version 17.12.0

Version < 17.12.20

Status affected

HerstellerMicrosoft

≫

Produkt Microsoft Visual Studio 2022 version 17.14

Version 17.14.0

Version < 17.14.31

Status affected

HerstellerMicrosoft

≫

Produkt Microsoft Visual Studio 2026 version 18.5

Version 18.5.0

Version < 18.5.3

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.23

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secure@microsoft.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE-36 Absolute Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.

https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2026-patch-tuesday-fixes-120-flaws-no-zero-days/

Media Report

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32175

https://nvd.nist.gov/vuln/detail/CVE-2026-32175

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-32175

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-32175

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-32175