Skip to main content

Severity by source

Vendor (microsoft) PRIMARY
7.3 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
ENISA EUVD
HIGH
qualitative
Red Hat
7.3 HIGH
qualitative

Primary rating from Vendor (microsoft).

CVSS VectorVendor: microsoft

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
Low

Lifecycle Timeline

2
Analysis Generated
May 12, 2026 - 18:31 vuln.today
CVE Published
May 12, 2026 - 16:58 nvd
HIGH 7.3

DescriptionCVE.org

Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in Microsoft .NET Framework (versions 3.5 through 10.0) and Visual Studio 2017 occurs through heap-based buffer overflow exploitation requiring user interaction with a malicious file. Attackers without initial privileges can achieve high-level code execution and data access by convincing a user to open a specially crafted document or application. Microsoft has released patches across all affected .NET versions per MSRC advisory, indicating this is a vendor-confirmed issue requiring immediate remediation for systems where users process untrusted .NET content.

Technical ContextAI

This vulnerability affects the core .NET runtime across multiple framework versions including legacy .NET Framework 3.5-4.8.1, modern .NET 8.0-10.0, and Visual Studio 2017 development environments. The root cause is CWE-122 (heap-based buffer overflow), a memory corruption flaw where untrusted input causes the runtime to write beyond allocated heap boundaries during processing. Unlike stack overflows, heap corruption can be more complex to exploit but enables precise memory manipulation for privilege escalation. The widespread CPE coverage indicates the flaw resides in shared .NET runtime components used across framework versions, affecting both application execution and development tool environments where .NET assemblies are processed.

RemediationAI

Apply security updates from Microsoft Security Response Center immediately via Windows Update or manual download from https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32177, ensuring patches match specific .NET Framework and runtime versions installed. For Visual Studio 2017 environments, update to the latest servicing release through Visual Studio Installer. Until patching is complete, implement application whitelisting (AppLocker/Windows Defender Application Control) to restrict .NET assembly execution to trusted publishers only, though this may impact developer workflows and legitimate business applications requiring policy exceptions. Educate users to avoid opening .NET executables, DLLs, or Visual Studio project files from untrusted sources including email attachments and unverified downloads. On high-risk systems, consider temporarily disabling .NET Framework versions not actively required by business applications, noting that many Windows components and third-party software have .NET dependencies that may break if disabled.

CVE-2026-33116 HIGH POC
7.5 Apr 14

Infinite loop denial-of-service vulnerability in Microsoft .NET Framework (3.5 through 4.8.1), .NET 8.0, 9.0, and 10.0 a

CVE-2026-26171 HIGH POC
7.5 Apr 14

Denial-of-service condition in Microsoft .NET Framework 8.0, 9.0, and 10.0 allows unauthenticated remote attackers to ex

CVE-2026-42899 HIGH POC
7.5 May 12

Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service o

CVE-2026-35433 HIGH POC
7.3 May 12

Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.

CVE-2026-47303 HIGH
8.8 Jul 14

Privilege elevation in ASP.NET Core (bundled with .NET 8.0, 9.0, and 10.0) lets an already-authenticated, low-privileged

CVE-2026-47300 HIGH
8.8 Jul 14

Privilege elevation in ASP.NET Core (bundled with .NET 8.0, 9.0, and 10.0) lets an already-authenticated, low-privileged

CVE-2026-32175 MEDIUM POC
4.3 May 12

A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully

CVE-2026-50528 HIGH
8.2 Jul 14

Security feature bypass in Microsoft .NET (versions 8.0, 9.0, and 10.0) lets a remote, unauthenticated attacker circumve

CVE-2026-57108 HIGH
7.5 Jul 14

Denial of service in Microsoft .NET (versions 8.0, 9.0, and 10.0) allows a remote, unauthenticated attacker to crash or

CVE-2026-47302 HIGH
7.5 Jul 14

Denial of service in Microsoft .NET (versions 8.0, 9.0, and 10.0) and the legacy .NET Framework (3.5 through 4.8.1) allo

CVE-2026-56170 HIGH
7.5 Jul 14

Denial of service in ASP.NET Core (the web framework shipped with .NET 8.0, 9.0, and 10.0) lets a remote, unauthenticate

CVE-2026-50524 HIGH
7.5 Jul 14

Remote denial of service in Microsoft .NET (versions 8.0, 9.0, and 10.0) allows an unauthenticated network attacker to c

Vendor StatusVendor

Share

EUVD-2026-29572 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy