Search

Find a vulnerability

Search criteria

    32 vulnerabilities found for Microsoft Visual Studio 2026 version 18.7 by Microsoft

    CVE-2026-50659 (GCVE-0-2026-50659)

    Vulnerability from nvd – Published: 2026-07-14 19:40 – Updated: 2026-07-14 20:48
    VLAI
    Title
    .NET Spoofing Vulnerability
    Summary
    Improper encoding or escaping of output in .NET allows an authorized attacker to perform spoofing over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-116 - Improper Encoding or Escaping of Output
    Assigner
    References
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50659",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T20:32:29.416499Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T20:48:09.399Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 10.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.6",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.29",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.18",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.22",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.36",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.7.4",
                  "status": "affected",
                  "version": "18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.22",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.6",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.29",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.18",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.36",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.7.4",
                      "versionStartIncluding": "18.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper encoding or escaping of output in .NET allows an authorized attacker to perform spoofing over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-116",
                  "description": "CWE-116: Improper Encoding or Escaping of Output",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T19:40:15.949Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET Spoofing Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50659"
            }
          ],
          "title": ".NET Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-50659",
        "datePublished": "2026-07-14T19:40:15.949Z",
        "dateReserved": "2026-06-05T14:33:50.831Z",
        "dateUpdated": "2026-07-14T20:48:09.399Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50651 (GCVE-0-2026-50651)

    Vulnerability from nvd – Published: 2026-07-14 19:40 – Updated: 2026-07-14 20:48
    VLAI
    Title
    .NET Denial of Service Vulnerability
    Summary
    Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50651",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T20:36:47.942941Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T20:48:09.540Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 10.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.6",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.29",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.18",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.22",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.36",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.7.4",
                  "status": "affected",
                  "version": "18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.6",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.22",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.29",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.18",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.36",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.7.4",
                      "versionStartIncluding": "18.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T19:40:13.750Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50651"
            }
          ],
          "title": ".NET Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-50651",
        "datePublished": "2026-07-14T19:40:13.750Z",
        "dateReserved": "2026-06-05T14:33:50.830Z",
        "dateUpdated": "2026-07-14T20:48:09.540Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50650 (GCVE-0-2026-50650)

    Vulnerability from nvd – Published: 2026-07-14 19:29 – Updated: 2026-07-14 19:40
    VLAI
    Title
    .NET Framework Elevation of Privilege Vulnerability
    Summary
    Improper control of generation of code ('code injection') in .NET Framework allows an unauthorized attacker to elevate privileges locally.
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    References
    Impacted products
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.29",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.18",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.8983 \u0026 3.0.30729.8978",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.7.4143.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)",
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.8.4803.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 11 Version 23H2 for ARM64-based Systems",
                "Windows 11 Version 23H2 for x64-based Systems",
                "Windows 11 Version 24H2 for ARM64-based Systems",
                "Windows 11 Version 24H2 for x64-based Systems",
                "Windows 11 Version 25H2 for ARM64-based Systems",
                "Windows 11 Version 25H2 for x64-based Systems",
                "Windows 11 Version 26H1 for ARM64-based Systems",
                "Windows 11 version 26H1 for x64-based Systems",
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)",
                "Windows Server 2025",
                "Windows Server 2025 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.9182 \u0026 3.0.30729.9168 \u0026 4.8.9339.0",
                  "status": "affected",
                  "version": "4.8.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.4143.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.4803.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.22",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.36",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.7.4",
                  "status": "affected",
                  "version": "18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.29",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.18",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.7.4",
                      "versionStartIncluding": "18.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.22",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.36",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.4803.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.8.4803.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.7.4143.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.4143.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.9182 \u0026 3.0.30729.9168 \u0026 4.8.9339.0",
                      "versionStartIncluding": "4.8.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.8983 \u0026 3.0.30729.8978",
                      "versionStartIncluding": "3.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper control of generation of code (\u0027code injection\u0027) in .NET Framework allows an unauthorized attacker to elevate privileges locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T19:40:13.271Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET Framework Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50650"
            }
          ],
          "title": ".NET Framework Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-50650",
        "datePublished": "2026-07-14T19:29:58.620Z",
        "dateReserved": "2026-06-05T14:33:50.830Z",
        "dateUpdated": "2026-07-14T19:40:13.271Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50649 (GCVE-0-2026-50649)

    Vulnerability from nvd – Published: 2026-07-14 19:29 – Updated: 2026-07-14 19:40
    VLAI
    Title
    .NET Remote Code Execution Vulnerability
    Summary
    Deserialization of untrusted data in .NET allows an unauthorized attacker to execute code locally.
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.29",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.18",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.22",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.36",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.7.4",
                  "status": "affected",
                  "version": "18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.22",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.29",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.18",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.36",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.7.4",
                      "versionStartIncluding": "18.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Deserialization of untrusted data in .NET allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502: Deserialization of Untrusted Data",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T19:40:12.699Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50649"
            }
          ],
          "title": ".NET Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-50649",
        "datePublished": "2026-07-14T19:29:57.970Z",
        "dateReserved": "2026-06-05T14:33:50.830Z",
        "dateUpdated": "2026-07-14T19:40:12.699Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50648 (GCVE-0-2026-50648)

    Vulnerability from nvd – Published: 2026-07-14 19:29 – Updated: 2026-07-14 20:48
    VLAI
    Title
    .NET Framework Denial of Service Vulnerability
    Summary
    Allocation of resources without limits or throttling in .NET Framework allows an unauthorized attacker to deny service over a network.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft .NET 10.0 Affected: 10.0.0 , < 10.0.6 (custom)
    Create a notification for this product.
    Microsoft .NET 8.0 Affected: 8.0.0 , < 8.0.29 (custom)
    Create a notification for this product.
    Microsoft .NET 9.0 Affected: 9.0.0 , < 9.0.18 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 Affected: 3.5.0 , < 2.0.50727.8983 & 3.0.30729.8978 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.7.2 Affected: 4.7.0 , < 2.0.50727.9069 & 3.0.30729.9067 & 4.7.4143.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8 Affected: 4.8.0 , < 2.0.50727.9069 & 3.0.30729.9067 & 4.8.4803.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8.1 Affected: 4.8.1 , < 2.0.50727.9182 & 3.0.30729.9168 & 4.8.9339.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Affected: 4.7.0 , < 4.7.4143.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.8 Affected: 4.8.0 , < 4.8.4803.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.12 Affected: 17.12.0 , < 17.12.22 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.14 Affected: 17.14.0 , < 17.14.36 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2026 version 18.7 Affected: 18.0 , < 18.7.4 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50648",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T20:33:05.634179Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T20:48:09.679Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 10.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.6",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.29",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.18",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.8983 \u0026 3.0.30729.8978",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for ARM64-based Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.7.4143.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for ARM64-based Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)",
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.8.4803.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 11 Version 23H2 for ARM64-based Systems",
                "Windows 11 Version 23H2 for x64-based Systems",
                "Windows 11 Version 24H2 for ARM64-based Systems",
                "Windows 11 Version 24H2 for x64-based Systems",
                "Windows 11 Version 25H2 for ARM64-based Systems",
                "Windows 11 Version 25H2 for x64-based Systems",
                "Windows 11 Version 26H1 for ARM64-based Systems",
                "Windows 11 version 26H1 for x64-based Systems",
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)",
                "Windows Server 2025",
                "Windows Server 2025 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.9182 \u0026 3.0.30729.9168 \u0026 4.8.9339.0",
                  "status": "affected",
                  "version": "4.8.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.4143.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.4803.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.22",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.36",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.7.4",
                  "status": "affected",
                  "version": "18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.29",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.6",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.18",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.22",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.7.4",
                      "versionStartIncluding": "18.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.36",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.4803.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.8.4803.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.7.4143.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.4143.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.9182 \u0026 3.0.30729.9168 \u0026 4.8.9339.0",
                      "versionStartIncluding": "4.8.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.8983 \u0026 3.0.30729.8978",
                      "versionStartIncluding": "3.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Allocation of resources without limits or throttling in .NET Framework allows an unauthorized attacker to deny service over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T19:40:12.055Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET Framework Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50648"
            }
          ],
          "title": ".NET Framework Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-50648",
        "datePublished": "2026-07-14T19:29:57.312Z",
        "dateReserved": "2026-06-05T14:33:50.830Z",
        "dateUpdated": "2026-07-14T20:48:09.679Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50646 (GCVE-0-2026-50646)

    Vulnerability from nvd – Published: 2026-07-14 19:29 – Updated: 2026-07-14 19:40
    VLAI
    Title
    .NET Framework Remote Code Execution Vulnerability
    Summary
    Protection mechanism failure in .NET Framework allows an unauthorized attacker to execute code locally.
    CWE
    • CWE-693 - Protection Mechanism Failure
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    Impacted products
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.29",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.18",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.8983 \u0026 3.0.30729.8978",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for ARM64-based Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.8983 \u0026 3.0.30729.8978 \u0026 4.7.4143.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for ARM64-based Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)",
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.8.4803.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 11 Version 23H2 for ARM64-based Systems",
                "Windows 11 Version 23H2 for x64-based Systems",
                "Windows 11 Version 24H2 for ARM64-based Systems",
                "Windows 11 Version 24H2 for x64-based Systems",
                "Windows 11 Version 25H2 for ARM64-based Systems",
                "Windows 11 Version 25H2 for x64-based Systems",
                "Windows 11 Version 26H1 for ARM64-based Systems",
                "Windows 11 version 26H1 for x64-based Systems",
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)",
                "Windows Server 2025",
                "Windows Server 2025 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.9182 \u0026 3.0.30729.9168 \u0026 4.8.9339.0",
                  "status": "affected",
                  "version": "4.8.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.4143.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.4803.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.22",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.36",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.7.4",
                  "status": "affected",
                  "version": "18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.29",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.18",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.7.4",
                      "versionStartIncluding": "18.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.22",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.36",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.4803.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.8.4803.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.8983 \u0026 3.0.30729.8978 \u0026 4.7.4143.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.4143.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.9182 \u0026 3.0.30729.9168 \u0026 4.8.9339.0",
                      "versionStartIncluding": "4.8.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.8983 \u0026 3.0.30729.8978",
                      "versionStartIncluding": "3.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Protection mechanism failure in .NET Framework allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "CWE-693: Protection Mechanism Failure",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502: Deserialization of Untrusted Data",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T19:40:10.902Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET Framework Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50646"
            }
          ],
          "title": ".NET Framework Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-50646",
        "datePublished": "2026-07-14T19:29:56.821Z",
        "dateReserved": "2026-06-05T14:33:50.830Z",
        "dateUpdated": "2026-07-14T19:40:10.902Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50528 (GCVE-0-2026-50528)

    Vulnerability from nvd – Published: 2026-07-14 19:29 – Updated: 2026-07-14 19:40
    VLAI
    Title
    .NET Security Feature Bypass Vulnerability
    Summary
    Incorrect authorization in .NET allows an unauthorized attacker to bypass a security feature over a network.
    CWE
    • CWE-863 - Incorrect Authorization
    • CWE-302 - Authentication Bypass by Assumed-Immutable Data
    • CWE-636 - Not Failing Securely ('Failing Open')
    Assigner
    References
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": ".NET 10.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.6",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.29",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.18",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.22",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.36",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.7.4",
                  "status": "affected",
                  "version": "18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.22",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.6",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.29",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.18",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.36",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.7.4",
                      "versionStartIncluding": "18.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Incorrect authorization in .NET allows an unauthorized attacker to bypass a security feature over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-302",
                  "description": "CWE-302: Authentication Bypass by Assumed-Immutable Data",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-636",
                  "description": "CWE-636: Not Failing Securely (\u0027Failing Open\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T19:40:10.329Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET Security Feature Bypass Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50528"
            }
          ],
          "title": ".NET Security Feature Bypass Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-50528",
        "datePublished": "2026-07-14T19:29:56.224Z",
        "dateReserved": "2026-06-04T19:00:41.293Z",
        "dateUpdated": "2026-07-14T19:40:10.329Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50527 (GCVE-0-2026-50527)

    Vulnerability from nvd – Published: 2026-07-14 19:29 – Updated: 2026-07-14 20:48
    VLAI
    Title
    .NET Framework Denial of Service Vulnerability
    Summary
    Stack-based buffer overflow in .NET Framework allows an unauthorized attacker to deny service over a network.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft .NET 10.0 Affected: 10.0.0 , < 10.0.6 (custom)
    Create a notification for this product.
    Microsoft .NET 8.0 Affected: 8.0.0 , < 8.0.29 (custom)
    Create a notification for this product.
    Microsoft .NET 9.0 Affected: 9.0.0 , < 9.0.18 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 Affected: 3.5.0 , < 2.0.50727.8983 & 3.0.30729.8978 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.7.2 Affected: 4.7.0 , < 2.0.50727.9069 & 3.0.30729.9067 & 4.7.4143.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8 Affected: 4.8.0 , < 2.0.50727.9069 & 3.0.30729.9067 & 4.8.4803.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8.1 Affected: 4.8.1 , < 2.0.50727.9182 & 3.0.30729.9168 & 4.8.9339.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Affected: 4.7.0 , < 4.7.4143.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.8 Affected: 4.8.0 , < 4.8.4803.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.12 Affected: 17.12.0 , < 17.12.22 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.14 Affected: 17.14.0 , < 17.14.36 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2026 version 18.7 Affected: 18.0 , < 18.7.4 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50527",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T20:36:38.463480Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T20:48:09.823Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 10.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.6",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.29",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.18",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.8983 \u0026 3.0.30729.8978",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.7.4143.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)",
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.8.4803.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 11 Version 23H2 for ARM64-based Systems",
                "Windows 11 Version 23H2 for x64-based Systems",
                "Windows 11 Version 24H2 for ARM64-based Systems",
                "Windows 11 Version 24H2 for x64-based Systems",
                "Windows 11 Version 25H2 for ARM64-based Systems",
                "Windows 11 Version 25H2 for x64-based Systems",
                "Windows 11 Version 26H1 for ARM64-based Systems",
                "Windows 11 version 26H1 for x64-based Systems",
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)",
                "Windows Server 2025",
                "Windows Server 2025 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.9182 \u0026 3.0.30729.9168 \u0026 4.8.9339.0",
                  "status": "affected",
                  "version": "4.8.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.4143.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.4803.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.22",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.36",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.7.4",
                  "status": "affected",
                  "version": "18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.6",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.18",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.29",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.7.4",
                      "versionStartIncluding": "18.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.22",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.36",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.4803.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.8.4803.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.7.4143.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.4143.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.9182 \u0026 3.0.30729.9168 \u0026 4.8.9339.0",
                      "versionStartIncluding": "4.8.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.8983 \u0026 3.0.30729.8978",
                      "versionStartIncluding": "3.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Stack-based buffer overflow in .NET Framework allows an unauthorized attacker to deny service over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T19:40:09.667Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET Framework Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50527"
            }
          ],
          "title": ".NET Framework Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-50527",
        "datePublished": "2026-07-14T19:29:55.564Z",
        "dateReserved": "2026-06-04T19:00:41.293Z",
        "dateUpdated": "2026-07-14T20:48:09.823Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50526 (GCVE-0-2026-50526)

    Vulnerability from nvd – Published: 2026-07-14 19:29 – Updated: 2026-07-14 19:40
    VLAI
    Title
    .NET Tampering Vulnerability
    Summary
    Improper link resolution before file access ('link following') in .NET allows an authorized attacker to perform tampering locally.
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    • CWE-345 - Insufficient Verification of Data Authenticity
    Assigner
    References
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": ".NET 10.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.6",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.29",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.18",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.22",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.36",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.7.4",
                  "status": "affected",
                  "version": "18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.22",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.18",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.29",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.6",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.7.4",
                      "versionStartIncluding": "18.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.36",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper link resolution before file access (\u0027link following\u0027) in .NET allows an authorized attacker to perform tampering locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-345",
                  "description": "CWE-345: Insufficient Verification of Data Authenticity",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T19:40:09.111Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET Tampering Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50526"
            }
          ],
          "title": ".NET Tampering Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-50526",
        "datePublished": "2026-07-14T19:29:54.992Z",
        "dateReserved": "2026-06-04T19:00:41.293Z",
        "dateUpdated": "2026-07-14T19:40:09.111Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50525 (GCVE-0-2026-50525)

    Vulnerability from nvd – Published: 2026-07-14 19:29 – Updated: 2026-07-14 20:48
    VLAI
    Title
    .NET Denial of Service Vulnerability
    Summary
    Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50525",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T20:33:59.887618Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T20:48:09.961Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 10.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.6",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.29",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.18",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.22",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.36",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.7.4",
                  "status": "affected",
                  "version": "18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.22",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.6",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.29",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.36",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.18",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.7.4",
                      "versionStartIncluding": "18.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T19:40:08.542Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50525"
            }
          ],
          "title": ".NET Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-50525",
        "datePublished": "2026-07-14T19:29:54.357Z",
        "dateReserved": "2026-06-04T19:00:41.293Z",
        "dateUpdated": "2026-07-14T20:48:09.961Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50524 (GCVE-0-2026-50524)

    Vulnerability from nvd – Published: 2026-07-14 19:29 – Updated: 2026-07-14 20:48
    VLAI
    Title
    .NET Framework Denial of Service Vulnerability
    Summary
    Improper validation of specified type of input in .NET Framework allows an unauthorized attacker to deny service over a network.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1287 - Improper Validation of Specified Type of Input
    Assigner
    References
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50524",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T20:34:12.688606Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T20:48:10.103Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 10.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.6",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.29",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.18",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.22",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.36",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.7.4",
                  "status": "affected",
                  "version": "18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.7.4",
                      "versionStartIncluding": "18.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.6",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.22",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.29",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.18",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.36",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper validation of specified type of input in .NET Framework allows an unauthorized attacker to deny service over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1287",
                  "description": "CWE-1287: Improper Validation of Specified Type of Input",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T19:38:08.413Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET Framework Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50524"
            }
          ],
          "title": ".NET Framework Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-50524",
        "datePublished": "2026-07-14T19:29:53.872Z",
        "dateReserved": "2026-06-04T19:00:41.293Z",
        "dateUpdated": "2026-07-14T20:48:10.103Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47305 (GCVE-0-2026-47305)

    Vulnerability from nvd – Published: 2026-07-14 18:45 – Updated: 2026-07-14 19:42
    VLAI
    Title
    Visual Studio Remote Code Execution Vulnerability
    Summary
    Protection mechanism failure in Visual Studio allows an unauthorized attacker to execute code locally.
    CWE
    • CWE-693 - Protection Mechanism Failure
    Assigner
    References
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.22",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.36",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.7.4",
                  "status": "affected",
                  "version": "18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.7.4",
                      "versionStartIncluding": "18.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.22",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.36",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Protection mechanism failure in Visual Studio allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "CWE-693: Protection Mechanism Failure",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T19:42:27.835Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47305"
            }
          ],
          "title": "Visual Studio Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-47305",
        "datePublished": "2026-07-14T18:45:34.402Z",
        "dateReserved": "2026-05-18T23:53:33.898Z",
        "dateUpdated": "2026-07-14T19:42:27.835Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47304 (GCVE-0-2026-47304)

    Vulnerability from nvd – Published: 2026-07-14 18:45 – Updated: 2026-07-14 19:38
    VLAI
    Title
    .NET Security Feature Bypass Vulnerability
    Summary
    Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network.
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    • CWE-345 - Insufficient Verification of Data Authenticity
    Assigner
    References
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.22",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.36",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.7.4",
                  "status": "affected",
                  "version": "18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.36",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.22",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.7.4",
                      "versionStartIncluding": "18.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347: Improper Verification of Cryptographic Signature",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-345",
                  "description": "CWE-345: Insufficient Verification of Data Authenticity",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T19:38:07.118Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET Security Feature Bypass Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47304"
            }
          ],
          "title": ".NET Security Feature Bypass Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-47304",
        "datePublished": "2026-07-14T18:45:33.914Z",
        "dateReserved": "2026-05-18T23:53:33.898Z",
        "dateUpdated": "2026-07-14T19:38:07.118Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47303 (GCVE-0-2026-47303)

    Vulnerability from nvd – Published: 2026-07-14 18:45 – Updated: 2026-07-14 19:38
    VLAI
    Title
    ASP.NET Core Elevation of Privilege Vulnerability
    Summary
    Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-302 - Authentication Bypass by Assumed-Immutable Data
    • CWE-863 - Incorrect Authorization
    • CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
    Assigner
    References
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-47303",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T19:11:23.820525Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T19:11:30.101Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 10.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.6",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.29",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.18",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.22",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.36",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.7.4",
                  "status": "affected",
                  "version": "18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.6",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.29",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.18",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.22",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.36",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.7.4",
                      "versionStartIncluding": "18.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-302",
                  "description": "CWE-302: Authentication Bypass by Assumed-Immutable Data",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-90",
                  "description": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T19:38:06.521Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "ASP.NET Core Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47303"
            }
          ],
          "title": "ASP.NET Core Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-47303",
        "datePublished": "2026-07-14T18:45:33.438Z",
        "dateReserved": "2026-05-18T23:53:33.898Z",
        "dateUpdated": "2026-07-14T19:38:06.521Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47302 (GCVE-0-2026-47302)

    Vulnerability from nvd – Published: 2026-07-14 18:45 – Updated: 2026-07-14 20:48
    VLAI
    Title
    .NET Denial of Service Vulnerability
    Summary
    Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft .NET 10.0 Affected: 10.0.0 , < 10.0.6 (custom)
    Create a notification for this product.
    Microsoft .NET 8.0 Affected: 8.0.0 , < 8.0.29 (custom)
    Create a notification for this product.
    Microsoft .NET 9.0 Affected: 9.0.0 , < 9.0.18 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 Affected: 3.5.0 , < 2.0.50727.8983 & 3.0.30729.8978 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.7.2 Affected: 4.7.0 , < 2.0.50727.9069 & 3.0.30729.9067 & 4.7.4143.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8 Affected: 4.8.0 , < 2.0.50727.9069 & 3.0.30729.9067 & 4.8.4803.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8.1 Affected: 4.8.1 , < 2.0.50727.9182 & 3.0.30729.9168 & 4.8.9339.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Affected: 4.7.0 , < 4.7.4143.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.8 Affected: 4.8.0 , < 4.8.4803.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.12 Affected: 17.12.0 , < 17.12.22 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.14 Affected: 17.14.0 , < 17.14.36 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2026 version 18.7 Affected: 18.0 , < 18.7.4 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-47302",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T20:34:26.536141Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T20:48:10.245Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 10.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.6",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.29",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.18",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.8983 \u0026 3.0.30729.8978",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.7.4143.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)",
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.8.4803.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 11 Version 23H2 for ARM64-based Systems",
                "Windows 11 Version 23H2 for x64-based Systems",
                "Windows 11 Version 24H2 for ARM64-based Systems",
                "Windows 11 Version 24H2 for x64-based Systems",
                "Windows 11 Version 25H2 for ARM64-based Systems",
                "Windows 11 Version 25H2 for x64-based Systems",
                "Windows 11 Version 26H1 for ARM64-based Systems",
                "Windows 11 version 26H1 for x64-based Systems",
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)",
                "Windows Server 2025",
                "Windows Server 2025 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.9182 \u0026 3.0.30729.9168 \u0026 4.8.9339.0",
                  "status": "affected",
                  "version": "4.8.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.4143.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.4803.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.22",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.36",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.7.4",
                  "status": "affected",
                  "version": "18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.6",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.29",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.7.4",
                      "versionStartIncluding": "18.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.22",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.18",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.36",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.4803.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.8.4803.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.7.4143.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.4143.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.9182 \u0026 3.0.30729.9168 \u0026 4.8.9339.0",
                      "versionStartIncluding": "4.8.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.8983 \u0026 3.0.30729.8978",
                      "versionStartIncluding": "3.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T19:38:05.938Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47302"
            }
          ],
          "title": ".NET Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-47302",
        "datePublished": "2026-07-14T18:45:32.796Z",
        "dateReserved": "2026-05-18T23:53:33.897Z",
        "dateUpdated": "2026-07-14T20:48:10.245Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47300 (GCVE-0-2026-47300)

    Vulnerability from nvd – Published: 2026-07-14 18:20 – Updated: 2026-07-14 19:38
    VLAI
    Title
    ASP.NET Core Elevation of Privilege Vulnerability
    Summary
    Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network.
    CWE
    • CWE-303 - Incorrect Implementation of Authentication Algorithm
    Assigner
    References
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": ".NET 10.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.6",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.29",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.18",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.22",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.36",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.7.4",
                  "status": "affected",
                  "version": "18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.6",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.29",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.18",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.22",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.36",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.7.4",
                      "versionStartIncluding": "18.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-303",
                  "description": "CWE-303: Incorrect Implementation of Authentication Algorithm",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T19:38:04.810Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "ASP.NET Core Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47300"
            }
          ],
          "title": "ASP.NET Core Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-47300",
        "datePublished": "2026-07-14T18:20:12.225Z",
        "dateReserved": "2026-05-18T23:53:33.897Z",
        "dateUpdated": "2026-07-14T19:38:04.810Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50659 (GCVE-0-2026-50659)

    Vulnerability from cvelistv5 – Published: 2026-07-14 19:40 – Updated: 2026-07-14 20:48
    VLAI
    Title
    .NET Spoofing Vulnerability
    Summary
    Improper encoding or escaping of output in .NET allows an authorized attacker to perform spoofing over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-116 - Improper Encoding or Escaping of Output
    Assigner
    References
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50659",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T20:32:29.416499Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T20:48:09.399Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 10.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.6",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.29",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.18",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.22",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.36",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.7.4",
                  "status": "affected",
                  "version": "18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.22",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.6",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.29",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.18",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.36",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.7.4",
                      "versionStartIncluding": "18.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper encoding or escaping of output in .NET allows an authorized attacker to perform spoofing over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-116",
                  "description": "CWE-116: Improper Encoding or Escaping of Output",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T19:40:15.949Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET Spoofing Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50659"
            }
          ],
          "title": ".NET Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-50659",
        "datePublished": "2026-07-14T19:40:15.949Z",
        "dateReserved": "2026-06-05T14:33:50.831Z",
        "dateUpdated": "2026-07-14T20:48:09.399Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50651 (GCVE-0-2026-50651)

    Vulnerability from cvelistv5 – Published: 2026-07-14 19:40 – Updated: 2026-07-14 20:48
    VLAI
    Title
    .NET Denial of Service Vulnerability
    Summary
    Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50651",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T20:36:47.942941Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T20:48:09.540Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 10.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.6",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.29",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.18",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.22",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.36",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.7.4",
                  "status": "affected",
                  "version": "18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.6",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.22",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.29",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.18",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.36",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.7.4",
                      "versionStartIncluding": "18.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T19:40:13.750Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50651"
            }
          ],
          "title": ".NET Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-50651",
        "datePublished": "2026-07-14T19:40:13.750Z",
        "dateReserved": "2026-06-05T14:33:50.830Z",
        "dateUpdated": "2026-07-14T20:48:09.540Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50650 (GCVE-0-2026-50650)

    Vulnerability from cvelistv5 – Published: 2026-07-14 19:29 – Updated: 2026-07-14 19:40
    VLAI
    Title
    .NET Framework Elevation of Privilege Vulnerability
    Summary
    Improper control of generation of code ('code injection') in .NET Framework allows an unauthorized attacker to elevate privileges locally.
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    References
    Impacted products
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.29",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.18",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.8983 \u0026 3.0.30729.8978",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.7.4143.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)",
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.8.4803.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 11 Version 23H2 for ARM64-based Systems",
                "Windows 11 Version 23H2 for x64-based Systems",
                "Windows 11 Version 24H2 for ARM64-based Systems",
                "Windows 11 Version 24H2 for x64-based Systems",
                "Windows 11 Version 25H2 for ARM64-based Systems",
                "Windows 11 Version 25H2 for x64-based Systems",
                "Windows 11 Version 26H1 for ARM64-based Systems",
                "Windows 11 version 26H1 for x64-based Systems",
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)",
                "Windows Server 2025",
                "Windows Server 2025 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.9182 \u0026 3.0.30729.9168 \u0026 4.8.9339.0",
                  "status": "affected",
                  "version": "4.8.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.4143.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.4803.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.22",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.36",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.7.4",
                  "status": "affected",
                  "version": "18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.29",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.18",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.7.4",
                      "versionStartIncluding": "18.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.22",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.36",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.4803.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.8.4803.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.7.4143.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.4143.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.9182 \u0026 3.0.30729.9168 \u0026 4.8.9339.0",
                      "versionStartIncluding": "4.8.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.8983 \u0026 3.0.30729.8978",
                      "versionStartIncluding": "3.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper control of generation of code (\u0027code injection\u0027) in .NET Framework allows an unauthorized attacker to elevate privileges locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T19:40:13.271Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET Framework Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50650"
            }
          ],
          "title": ".NET Framework Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-50650",
        "datePublished": "2026-07-14T19:29:58.620Z",
        "dateReserved": "2026-06-05T14:33:50.830Z",
        "dateUpdated": "2026-07-14T19:40:13.271Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50649 (GCVE-0-2026-50649)

    Vulnerability from cvelistv5 – Published: 2026-07-14 19:29 – Updated: 2026-07-14 19:40
    VLAI
    Title
    .NET Remote Code Execution Vulnerability
    Summary
    Deserialization of untrusted data in .NET allows an unauthorized attacker to execute code locally.
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.29",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.18",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.22",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.36",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.7.4",
                  "status": "affected",
                  "version": "18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.22",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.29",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.18",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.36",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.7.4",
                      "versionStartIncluding": "18.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Deserialization of untrusted data in .NET allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502: Deserialization of Untrusted Data",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T19:40:12.699Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50649"
            }
          ],
          "title": ".NET Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-50649",
        "datePublished": "2026-07-14T19:29:57.970Z",
        "dateReserved": "2026-06-05T14:33:50.830Z",
        "dateUpdated": "2026-07-14T19:40:12.699Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50648 (GCVE-0-2026-50648)

    Vulnerability from cvelistv5 – Published: 2026-07-14 19:29 – Updated: 2026-07-14 20:48
    VLAI
    Title
    .NET Framework Denial of Service Vulnerability
    Summary
    Allocation of resources without limits or throttling in .NET Framework allows an unauthorized attacker to deny service over a network.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft .NET 10.0 Affected: 10.0.0 , < 10.0.6 (custom)
    Create a notification for this product.
    Microsoft .NET 8.0 Affected: 8.0.0 , < 8.0.29 (custom)
    Create a notification for this product.
    Microsoft .NET 9.0 Affected: 9.0.0 , < 9.0.18 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 Affected: 3.5.0 , < 2.0.50727.8983 & 3.0.30729.8978 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.7.2 Affected: 4.7.0 , < 2.0.50727.9069 & 3.0.30729.9067 & 4.7.4143.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8 Affected: 4.8.0 , < 2.0.50727.9069 & 3.0.30729.9067 & 4.8.4803.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8.1 Affected: 4.8.1 , < 2.0.50727.9182 & 3.0.30729.9168 & 4.8.9339.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Affected: 4.7.0 , < 4.7.4143.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.8 Affected: 4.8.0 , < 4.8.4803.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.12 Affected: 17.12.0 , < 17.12.22 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.14 Affected: 17.14.0 , < 17.14.36 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2026 version 18.7 Affected: 18.0 , < 18.7.4 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50648",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T20:33:05.634179Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T20:48:09.679Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 10.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.6",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.29",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.18",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.8983 \u0026 3.0.30729.8978",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for ARM64-based Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.7.4143.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for ARM64-based Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)",
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.8.4803.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 11 Version 23H2 for ARM64-based Systems",
                "Windows 11 Version 23H2 for x64-based Systems",
                "Windows 11 Version 24H2 for ARM64-based Systems",
                "Windows 11 Version 24H2 for x64-based Systems",
                "Windows 11 Version 25H2 for ARM64-based Systems",
                "Windows 11 Version 25H2 for x64-based Systems",
                "Windows 11 Version 26H1 for ARM64-based Systems",
                "Windows 11 version 26H1 for x64-based Systems",
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)",
                "Windows Server 2025",
                "Windows Server 2025 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.9182 \u0026 3.0.30729.9168 \u0026 4.8.9339.0",
                  "status": "affected",
                  "version": "4.8.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.4143.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.4803.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.22",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.36",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.7.4",
                  "status": "affected",
                  "version": "18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.29",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.6",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.18",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.22",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.7.4",
                      "versionStartIncluding": "18.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.36",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.4803.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.8.4803.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.7.4143.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.4143.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.9182 \u0026 3.0.30729.9168 \u0026 4.8.9339.0",
                      "versionStartIncluding": "4.8.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.8983 \u0026 3.0.30729.8978",
                      "versionStartIncluding": "3.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Allocation of resources without limits or throttling in .NET Framework allows an unauthorized attacker to deny service over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T19:40:12.055Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET Framework Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50648"
            }
          ],
          "title": ".NET Framework Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-50648",
        "datePublished": "2026-07-14T19:29:57.312Z",
        "dateReserved": "2026-06-05T14:33:50.830Z",
        "dateUpdated": "2026-07-14T20:48:09.679Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50646 (GCVE-0-2026-50646)

    Vulnerability from cvelistv5 – Published: 2026-07-14 19:29 – Updated: 2026-07-14 19:40
    VLAI
    Title
    .NET Framework Remote Code Execution Vulnerability
    Summary
    Protection mechanism failure in .NET Framework allows an unauthorized attacker to execute code locally.
    CWE
    • CWE-693 - Protection Mechanism Failure
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    Impacted products
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.29",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.18",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.8983 \u0026 3.0.30729.8978",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for ARM64-based Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.8983 \u0026 3.0.30729.8978 \u0026 4.7.4143.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for ARM64-based Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)",
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.8.4803.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 11 Version 23H2 for ARM64-based Systems",
                "Windows 11 Version 23H2 for x64-based Systems",
                "Windows 11 Version 24H2 for ARM64-based Systems",
                "Windows 11 Version 24H2 for x64-based Systems",
                "Windows 11 Version 25H2 for ARM64-based Systems",
                "Windows 11 Version 25H2 for x64-based Systems",
                "Windows 11 Version 26H1 for ARM64-based Systems",
                "Windows 11 version 26H1 for x64-based Systems",
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)",
                "Windows Server 2025",
                "Windows Server 2025 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.9182 \u0026 3.0.30729.9168 \u0026 4.8.9339.0",
                  "status": "affected",
                  "version": "4.8.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.4143.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.4803.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.22",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.36",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.7.4",
                  "status": "affected",
                  "version": "18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.29",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.18",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.7.4",
                      "versionStartIncluding": "18.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.22",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.36",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.4803.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.8.4803.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.8983 \u0026 3.0.30729.8978 \u0026 4.7.4143.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.4143.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.9182 \u0026 3.0.30729.9168 \u0026 4.8.9339.0",
                      "versionStartIncluding": "4.8.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.8983 \u0026 3.0.30729.8978",
                      "versionStartIncluding": "3.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Protection mechanism failure in .NET Framework allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "CWE-693: Protection Mechanism Failure",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502: Deserialization of Untrusted Data",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T19:40:10.902Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET Framework Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50646"
            }
          ],
          "title": ".NET Framework Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-50646",
        "datePublished": "2026-07-14T19:29:56.821Z",
        "dateReserved": "2026-06-05T14:33:50.830Z",
        "dateUpdated": "2026-07-14T19:40:10.902Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50528 (GCVE-0-2026-50528)

    Vulnerability from cvelistv5 – Published: 2026-07-14 19:29 – Updated: 2026-07-14 19:40
    VLAI
    Title
    .NET Security Feature Bypass Vulnerability
    Summary
    Incorrect authorization in .NET allows an unauthorized attacker to bypass a security feature over a network.
    CWE
    • CWE-863 - Incorrect Authorization
    • CWE-302 - Authentication Bypass by Assumed-Immutable Data
    • CWE-636 - Not Failing Securely ('Failing Open')
    Assigner
    References
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": ".NET 10.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.6",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.29",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.18",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.22",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.36",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.7.4",
                  "status": "affected",
                  "version": "18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.22",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.6",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.29",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.18",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.36",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.7.4",
                      "versionStartIncluding": "18.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Incorrect authorization in .NET allows an unauthorized attacker to bypass a security feature over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-302",
                  "description": "CWE-302: Authentication Bypass by Assumed-Immutable Data",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-636",
                  "description": "CWE-636: Not Failing Securely (\u0027Failing Open\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T19:40:10.329Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET Security Feature Bypass Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50528"
            }
          ],
          "title": ".NET Security Feature Bypass Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-50528",
        "datePublished": "2026-07-14T19:29:56.224Z",
        "dateReserved": "2026-06-04T19:00:41.293Z",
        "dateUpdated": "2026-07-14T19:40:10.329Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50527 (GCVE-0-2026-50527)

    Vulnerability from cvelistv5 – Published: 2026-07-14 19:29 – Updated: 2026-07-14 20:48
    VLAI
    Title
    .NET Framework Denial of Service Vulnerability
    Summary
    Stack-based buffer overflow in .NET Framework allows an unauthorized attacker to deny service over a network.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft .NET 10.0 Affected: 10.0.0 , < 10.0.6 (custom)
    Create a notification for this product.
    Microsoft .NET 8.0 Affected: 8.0.0 , < 8.0.29 (custom)
    Create a notification for this product.
    Microsoft .NET 9.0 Affected: 9.0.0 , < 9.0.18 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 Affected: 3.5.0 , < 2.0.50727.8983 & 3.0.30729.8978 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.7.2 Affected: 4.7.0 , < 2.0.50727.9069 & 3.0.30729.9067 & 4.7.4143.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8 Affected: 4.8.0 , < 2.0.50727.9069 & 3.0.30729.9067 & 4.8.4803.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8.1 Affected: 4.8.1 , < 2.0.50727.9182 & 3.0.30729.9168 & 4.8.9339.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Affected: 4.7.0 , < 4.7.4143.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.8 Affected: 4.8.0 , < 4.8.4803.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.12 Affected: 17.12.0 , < 17.12.22 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.14 Affected: 17.14.0 , < 17.14.36 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2026 version 18.7 Affected: 18.0 , < 18.7.4 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50527",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T20:36:38.463480Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T20:48:09.823Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 10.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.6",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.29",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.18",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.8983 \u0026 3.0.30729.8978",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.7.4143.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)",
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.8.4803.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 11 Version 23H2 for ARM64-based Systems",
                "Windows 11 Version 23H2 for x64-based Systems",
                "Windows 11 Version 24H2 for ARM64-based Systems",
                "Windows 11 Version 24H2 for x64-based Systems",
                "Windows 11 Version 25H2 for ARM64-based Systems",
                "Windows 11 Version 25H2 for x64-based Systems",
                "Windows 11 Version 26H1 for ARM64-based Systems",
                "Windows 11 version 26H1 for x64-based Systems",
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)",
                "Windows Server 2025",
                "Windows Server 2025 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.0.50727.9182 \u0026 3.0.30729.9168 \u0026 4.8.9339.0",
                  "status": "affected",
                  "version": "4.8.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.4143.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.4803.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.22",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.36",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.7.4",
                  "status": "affected",
                  "version": "18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.6",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.18",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.29",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.7.4",
                      "versionStartIncluding": "18.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.22",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.36",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.4803.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.8.4803.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.7.4143.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.4143.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.9182 \u0026 3.0.30729.9168 \u0026 4.8.9339.0",
                      "versionStartIncluding": "4.8.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.50727.8983 \u0026 3.0.30729.8978",
                      "versionStartIncluding": "3.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Stack-based buffer overflow in .NET Framework allows an unauthorized attacker to deny service over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T19:40:09.667Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET Framework Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50527"
            }
          ],
          "title": ".NET Framework Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-50527",
        "datePublished": "2026-07-14T19:29:55.564Z",
        "dateReserved": "2026-06-04T19:00:41.293Z",
        "dateUpdated": "2026-07-14T20:48:09.823Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50526 (GCVE-0-2026-50526)

    Vulnerability from cvelistv5 – Published: 2026-07-14 19:29 – Updated: 2026-07-14 19:40
    VLAI
    Title
    .NET Tampering Vulnerability
    Summary
    Improper link resolution before file access ('link following') in .NET allows an authorized attacker to perform tampering locally.
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    • CWE-345 - Insufficient Verification of Data Authenticity
    Assigner
    References
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": ".NET 10.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.6",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.29",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.18",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.22",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.36",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.7.4",
                  "status": "affected",
                  "version": "18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.22",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.18",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.29",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.6",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.7.4",
                      "versionStartIncluding": "18.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.36",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper link resolution before file access (\u0027link following\u0027) in .NET allows an authorized attacker to perform tampering locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-345",
                  "description": "CWE-345: Insufficient Verification of Data Authenticity",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T19:40:09.111Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET Tampering Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50526"
            }
          ],
          "title": ".NET Tampering Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-50526",
        "datePublished": "2026-07-14T19:29:54.992Z",
        "dateReserved": "2026-06-04T19:00:41.293Z",
        "dateUpdated": "2026-07-14T19:40:09.111Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50525 (GCVE-0-2026-50525)

    Vulnerability from cvelistv5 – Published: 2026-07-14 19:29 – Updated: 2026-07-14 20:48
    VLAI
    Title
    .NET Denial of Service Vulnerability
    Summary
    Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50525",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T20:33:59.887618Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T20:48:09.961Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 10.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.6",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.29",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.18",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.22",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.36",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.7.4",
                  "status": "affected",
                  "version": "18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.22",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.6",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.29",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.36",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.18",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.7.4",
                      "versionStartIncluding": "18.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T19:40:08.542Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50525"
            }
          ],
          "title": ".NET Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-50525",
        "datePublished": "2026-07-14T19:29:54.357Z",
        "dateReserved": "2026-06-04T19:00:41.293Z",
        "dateUpdated": "2026-07-14T20:48:09.961Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50524 (GCVE-0-2026-50524)

    Vulnerability from cvelistv5 – Published: 2026-07-14 19:29 – Updated: 2026-07-14 20:48
    VLAI
    Title
    .NET Framework Denial of Service Vulnerability
    Summary
    Improper validation of specified type of input in .NET Framework allows an unauthorized attacker to deny service over a network.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1287 - Improper Validation of Specified Type of Input
    Assigner
    References
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50524",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T20:34:12.688606Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T20:48:10.103Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 10.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.6",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.29",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.18",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.22",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.36",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.7.4",
                  "status": "affected",
                  "version": "18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.7.4",
                      "versionStartIncluding": "18.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.6",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.22",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.29",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.18",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.36",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper validation of specified type of input in .NET Framework allows an unauthorized attacker to deny service over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1287",
                  "description": "CWE-1287: Improper Validation of Specified Type of Input",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T19:38:08.413Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET Framework Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50524"
            }
          ],
          "title": ".NET Framework Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-50524",
        "datePublished": "2026-07-14T19:29:53.872Z",
        "dateReserved": "2026-06-04T19:00:41.293Z",
        "dateUpdated": "2026-07-14T20:48:10.103Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47305 (GCVE-0-2026-47305)

    Vulnerability from cvelistv5 – Published: 2026-07-14 18:45 – Updated: 2026-07-14 19:42
    VLAI
    Title
    Visual Studio Remote Code Execution Vulnerability
    Summary
    Protection mechanism failure in Visual Studio allows an unauthorized attacker to execute code locally.
    CWE
    • CWE-693 - Protection Mechanism Failure
    Assigner
    References
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.22",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.36",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.7.4",
                  "status": "affected",
                  "version": "18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.7.4",
                      "versionStartIncluding": "18.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.22",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.36",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Protection mechanism failure in Visual Studio allows an unauthorized attacker to execute code locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "CWE-693: Protection Mechanism Failure",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T19:42:27.835Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47305"
            }
          ],
          "title": "Visual Studio Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-47305",
        "datePublished": "2026-07-14T18:45:34.402Z",
        "dateReserved": "2026-05-18T23:53:33.898Z",
        "dateUpdated": "2026-07-14T19:42:27.835Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47304 (GCVE-0-2026-47304)

    Vulnerability from cvelistv5 – Published: 2026-07-14 18:45 – Updated: 2026-07-14 19:38
    VLAI
    Title
    .NET Security Feature Bypass Vulnerability
    Summary
    Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network.
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    • CWE-345 - Insufficient Verification of Data Authenticity
    Assigner
    References
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.22",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.36",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.7.4",
                  "status": "affected",
                  "version": "18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.36",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.22",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.7.4",
                      "versionStartIncluding": "18.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347: Improper Verification of Cryptographic Signature",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-345",
                  "description": "CWE-345: Insufficient Verification of Data Authenticity",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T19:38:07.118Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET Security Feature Bypass Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47304"
            }
          ],
          "title": ".NET Security Feature Bypass Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-47304",
        "datePublished": "2026-07-14T18:45:33.914Z",
        "dateReserved": "2026-05-18T23:53:33.898Z",
        "dateUpdated": "2026-07-14T19:38:07.118Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47303 (GCVE-0-2026-47303)

    Vulnerability from cvelistv5 – Published: 2026-07-14 18:45 – Updated: 2026-07-14 19:38
    VLAI
    Title
    ASP.NET Core Elevation of Privilege Vulnerability
    Summary
    Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-302 - Authentication Bypass by Assumed-Immutable Data
    • CWE-863 - Incorrect Authorization
    • CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
    Assigner
    References
    Date Public
    2026-07-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-47303",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T19:11:23.820525Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T19:11:30.101Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 10.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.6",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.29",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.18",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.22",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.14.36",
                  "status": "affected",
                  "version": "17.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2026 version 18.7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.7.4",
                  "status": "affected",
                  "version": "18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.6",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.29",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.18",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.22",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.14.36",
                      "versionStartIncluding": "17.14.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.7.4",
                      "versionStartIncluding": "18.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-302",
                  "description": "CWE-302: Authentication Bypass by Assumed-Immutable Data",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-90",
                  "description": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T19:38:06.521Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "ASP.NET Core Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47303"
            }
          ],
          "title": "ASP.NET Core Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-47303",
        "datePublished": "2026-07-14T18:45:33.438Z",
        "dateReserved": "2026-05-18T23:53:33.898Z",
        "dateUpdated": "2026-07-14T19:38:06.521Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }