7.5

CVE-2026-32178

Medienbericht

.NET Spoofing Vulnerability

Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft.Net Version >= 10.0.0 < 10.0.6
   ApplemacOS Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
Microsoft.Net Version >= 8.0.0 < 8.0.26
   ApplemacOS Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
Microsoft.Net Version >= 9.0.0 < 9.0.15
   ApplemacOS Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
MicrosoftVisual Studio 2022 Version >= 17.12.0 < 17.12.19
MicrosoftVisual Studio 2022 Version >= 17.14.0 < 17.14.30
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.05% 0.154
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secure@microsoft.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-138 Improper Neutralization of Special Elements

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as control elements or syntactic markers when they are sent to a downstream component.