CVE-2026-32175

Summary

A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system. The security update fixes the vulnerability by ensuring .NET Core properly handles files.

Affected Software

VendorProductVersion RangeStatus
Microsoft.NET 10.010.0.0 < 10.0.8affected
Microsoft.NET 8.08.0.0 < 8.0.27affected
Microsoft.NET 9.09.0.0 < 9.0.16affected
MicrosoftMicrosoft Visual Studio 2022 version 17.1217.12.0 < 17.12.20affected
MicrosoftMicrosoft Visual Studio 2022 version 17.1417.14.0 < 17.14.32affected
MicrosoftMicrosoft Visual Studio 2026 version 18.518.5.0 < 18.5.3affected

Weaknesses

  • CWE-36: CWE-36: Absolute Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References