What is the CVSS score of EUVD-2026-22562?

EUVD-2026-22562 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.1%.

Which versions of Net 10 0 are affected by EUVD-2026-22562?

Microsoft .NET 8.0, 9.0, 10.0 and Visual Studio 2022 contain an information disclosure vulnerability that allows unauthenticated remote attackers to extract sensitive data without requiring…. A patch is available.

How to fix or mitigate EUVD-2026-22562?

Within 24 hours: Identify all internal systems running affected .NET versions (8.0, 9.0, 10.0) and Visual Studio 2022 via asset inventory and scan results. Within 7 days: Apply vendor-released patches to all affected .NET runtimes and Visual Studio 2022 instances; prioritize internet-facing applications and development environments. Within 30 days: Verify patch deployment across all infrastructure through vulnerability rescanning and update all CI/CD pipelines to enforce patched versions.

Net 10 0 EUVD-2026-22562

| CVE-2026-32178 HIGH

Improper Neutralization of Special Elements (CWE-138)

2026-04-14 microsoft

GHSA-vmwf-m9c5-3jvc

Authentication Bypass Net 10 0 Net 8 0 Net 9 0 Microsoft Visual Studio 2022 Version 17 12 Microsoft Visual Studio 2022 Version 17 14

7.5

CVSS 3.1 · NVD

Temporal: 6.5

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

ENISA EUVD

HIGH

qualitative

CIRCL (temporal)

6.5 MEDIUM

cvss

SUSE

HIGH

qualitative

Red Hat

7.5 HIGH

qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Re-analysis Queued

Apr 17, 2026 - 15:22 vuln.today

cvss_changed

Analysis Generated

Apr 14, 2026 - 19:21 vuln.today

EUVD ID Assigned

Apr 14, 2026 - 17:46 euvd

EUVD-2026-22562

Analysis Generated

Apr 14, 2026 - 17:46 vuln.today

Patch released

Apr 14, 2026 - 17:46 nvd

Patch available

CVE Published

Apr 14, 2026 - 16:57 nvd

HIGH 7.5

DescriptionCVE.org

Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.

AnalysisAI

Information disclosure in Microsoft .NET 8.0, 9.0, 10.0, and Visual Studio 2022 allows unauthenticated remote attackers to access sensitive data through improper neutralization of special elements. This spoofing vulnerability (CWE-138) enables attackers to bypass authentication mechanisms and extract high-confidentiality information over the network with low attack complexity. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Identify internet-facing .NET application

Delivery

Craft request with special elements targeting auth bypass

Exploit

Send malicious HTTP request to vulnerable endpoint

Execution

Runtime fails to neutralize special characters

Persist

Spoof legitimate user session

Impact

Access confidential data without authentication

Access

Identify internet-facing .NET application

Delivery

Craft request with special elements targeting auth bypass

Exploit

Send malicious HTTP request to vulnerable endpoint

Execution

Runtime fails to neutralize special characters

Persist

Spoof legitimate user session

Impact

Access confidential data without authentication

Vulnerability AssessmentAI

Exploitation	Remote unauthenticated attacker over network against .NET applications with improper input validation of special elements. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	The CVSS v3.1 score of 7.5 (High) reflects network-accessible exploitation (AV:N) requiring no authentication (PR:N), no user interaction (UI:N), and low attack complexity (AC:L), resulting in high confidentiality impact (C:H) without integrity or availability effects. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An unauthenticated remote attacker sends specially crafted HTTP requests to a vulnerable .NET web application or API endpoint, embedding special elements or escape sequences designed to bypass authentication validation logic. The .NET runtime improperly neutralizes these special characters, allowing the attacker to spoof legitimate user credentials or session tokens. …
Remediation	Immediately upgrade to patched versions: .NET 10.0.6 or later for 10.0 branch deployments, .NET 9.0.15 or later for 9.0 branch deployments, .NET 8.0.26 or later for 8.0 branch deployments, Visual Studio 2022 version 17.14.30 or later for 17.14 installations, and Visual Studio 2022 version 17.12.19 or later for 17.12 installations. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all internal systems running affected .NET versions (8.0, 9.0, 10.0) and Visual Studio 2022 via asset inventory and scan results. …

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: High

Product	Status
SUSE Liberty Linux 10	Fixed
SUSE Liberty Linux 8	Fixed
SUSE Liberty Linux 9	Fixed

EUVD-2026-22562 vulnerability details – vuln.today

Back

Net 10 0 EUVD-2026-22562

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Vendor StatusVendor

SUSE

Share

External POC / Exploit Code