Vulnerability-Lookup

MSRC_CVE-2026-32175

Vulnerability from csaf_microsoft - Published: 2026-05-12 07:00 - Updated: 2026-05-12 07:00

Summary

.NET Core Tampering Vulnerability

Severity

Important

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Customer Action: Required. The vulnerability documented by this CVE requires customer action to resolve.

CVE-2026-32175

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

CWE-36 - Absolute Path Traversal

Affected products

Fixed 8 products

Product	Identifier	Version	Remediation
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) 15.9.80 Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)		15.9.80
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) 16.11.56 Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)		16.11.56
.NET 8.0 installed on Windows 8.0.27 .NET 8.0 installed on Windows		8.0.27
.NET 9.0 installed on Windows 9.0.16 .NET 9.0 installed on Windows		9.0.16
Microsoft Visual Studio 2022 version 17.12 17.12.20 Microsoft Visual Studio 2022 version 17.12		17.12.20
Microsoft Visual Studio 2022 version 17.14 17.14.31 Microsoft Visual Studio 2022 version 17.14		17.14.31
.NET 10.0 installed on Windows 10.0.8 .NET 10.0 installed on Windows		10.0.8
Microsoft Visual Studio 2026 version 18.5 18.5.3 Microsoft Visual Studio 2026 version 18.5		18.5.3

Known affected 8 products

Product	Version	Remediation
Microsoft Visual Studio 2026 version 18.5 <18.5.3 Microsoft Visual Studio 2026 version 18.5	<18.5.3	Vendor Fix fix
.NET 10.0 installed on Windows <10.0.8 .NET 10.0 installed on Windows	<10.0.8	Vendor Fix fix
Microsoft Visual Studio 2022 version 17.14 <17.14.31 Microsoft Visual Studio 2022 version 17.14	<17.14.31	Vendor Fix fix
Microsoft Visual Studio 2022 version 17.12 <17.12.20 Microsoft Visual Studio 2022 version 17.12	<17.12.20	Vendor Fix fix
.NET 9.0 installed on Windows <9.0.16 .NET 9.0 installed on Windows	<9.0.16	Vendor Fix fix
.NET 8.0 installed on Windows <8.0.27 .NET 8.0 installed on Windows	<8.0.27	Vendor Fix fix
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) <16.11.56 Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)	<16.11.56	Vendor Fix fix
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) <15.9.80 Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)	<15.9.80	Vendor Fix fix

Threats

Impact Tampering

Exploit Status Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely

References

7 references

URL	Category
https://msrc.microsoft.com/update-guide/vulnerabi…	self
https://msrc.microsoft.com/csaf/advisories/2026/m…	self
https://www.microsoft.com/en-us/msrc/exploitabili…	external
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/update-guide/vulnerabi…	self
https://msrc.microsoft.com/csaf/advisories/2026/m…	self

Acknowledgments

Anonymous

Radek Zikmund with Microsoft s.r.o.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Anonymous"
        ]
      },
      {
        "names": [
          "Radek Zikmund with Microsoft s.r.o."
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      },
      {
        "category": "general",
        "text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
        "title": "Customer Action"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2026-32175 .NET Core Tampering Vulnerability - HTML",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32175"
      },
      {
        "category": "self",
        "summary": "CVE-2026-32175 .NET Core Tampering Vulnerability - CSAF",
        "url": "https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-32175.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Exploitability Index",
        "url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": ".NET Core Tampering Vulnerability",
    "tracking": {
      "current_release_date": "2026-05-12T07:00:00.000Z",
      "generator": {
        "date": "2026-05-12T17:53:08.949Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2026-32175",
      "initial_release_date": "2026-05-12T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-05-12T07:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.8",
            "product": {
              "name": ".NET 10.0 installed on Windows \u003c10.0.8",
              "product_id": "2"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.8",
            "product": {
              "name": ".NET 10.0 installed on Windows 10.0.8",
              "product_id": "20837"
            }
          }
        ],
        "category": "product_name",
        "name": ".NET 10.0 installed on Windows"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c8.0.27",
            "product": {
              "name": ".NET 8.0 installed on Windows \u003c8.0.27",
              "product_id": "6"
            }
          },
          {
            "category": "product_version",
            "name": "8.0.27",
            "product": {
              "name": ".NET 8.0 installed on Windows 8.0.27",
              "product_id": "12414"
            }
          }
        ],
        "category": "product_name",
        "name": ".NET 8.0 installed on Windows"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c9.0.16",
            "product": {
              "name": ".NET 9.0 installed on Windows \u003c9.0.16",
              "product_id": "5"
            }
          },
          {
            "category": "product_version",
            "name": "9.0.16",
            "product": {
              "name": ".NET 9.0 installed on Windows 9.0.16",
              "product_id": "12434"
            }
          }
        ],
        "category": "product_name",
        "name": ".NET 9.0 installed on Windows"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c18.5.3",
            "product": {
              "name": "Microsoft Visual Studio 2026 version 18.5 \u003c18.5.3",
              "product_id": "1"
            }
          },
          {
            "category": "product_version",
            "name": "18.5.3",
            "product": {
              "name": "Microsoft Visual Studio 2026 version 18.5 18.5.3",
              "product_id": "21244"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Visual Studio 2026 version 18.5"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c17.14.31",
            "product": {
              "name": "Microsoft Visual Studio 2022 version 17.14 \u003c17.14.31",
              "product_id": "3"
            }
          },
          {
            "category": "product_version",
            "name": "17.14.31",
            "product": {
              "name": "Microsoft Visual Studio 2022 version 17.14 17.14.31",
              "product_id": "16767"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Visual Studio 2022 version 17.14"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.11.56",
            "product": {
              "name": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) \u003c16.11.56",
              "product_id": "7"
            }
          },
          {
            "category": "product_version",
            "name": "16.11.56",
            "product": {
              "name": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) 16.11.56",
              "product_id": "11935"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c15.9.80",
            "product": {
              "name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) \u003c15.9.80",
              "product_id": "8"
            }
          },
          {
            "category": "product_version",
            "name": "15.9.80",
            "product": {
              "name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) 15.9.80",
              "product_id": "11600"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c17.12.20",
            "product": {
              "name": "Microsoft Visual Studio 2022 version 17.12 \u003c17.12.20",
              "product_id": "4"
            }
          },
          {
            "category": "product_version",
            "name": "17.12.20",
            "product": {
              "name": "Microsoft Visual Studio 2022 version 17.12 17.12.20",
              "product_id": "12459"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Visual Studio 2022 version 17.12"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-32175",
      "cwe": {
        "id": "CWE-36",
        "name": "Absolute Path Traversal"
      },
      "notes": [
        {
          "category": "general",
          "text": "Microsoft",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "11600",
          "11935",
          "12414",
          "12434",
          "12459",
          "16767",
          "20837",
          "21244"
        ],
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-32175 .NET Core Tampering Vulnerability - HTML",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32175"
        },
        {
          "category": "self",
          "summary": "CVE-2026-32175 .NET Core Tampering Vulnerability - CSAF",
          "url": "https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-32175.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-12T07:00:00.000Z",
          "details": "10.0.8:Security Update:https://support.microsoft.com/help/5093446",
          "product_ids": [
            "2"
          ],
          "url": "https://support.microsoft.com/help/5093446"
        },
        {
          "category": "vendor_fix",
          "date": "2026-05-12T07:00:00.000Z",
          "details": "8.0.27:Security Update:https://support.microsoft.com/help/5093447",
          "product_ids": [
            "6"
          ],
          "url": "https://support.microsoft.com/help/5093447"
        },
        {
          "category": "vendor_fix",
          "date": "2026-05-12T07:00:00.000Z",
          "details": "9.0.16:Security Update:https://support.microsoft.com/help/5093448",
          "product_ids": [
            "5"
          ],
          "url": "https://support.microsoft.com/help/5093448"
        },
        {
          "category": "vendor_fix",
          "date": "2026-05-12T07:00:00.000Z",
          "details": "18.5.3:Security Update:https://learn.microsoft.com/en-us/visualstudio/releases/2026/release-notes",
          "product_ids": [
            "1"
          ],
          "url": "https://learn.microsoft.com/en-us/visualstudio/releases/2026/release-notes"
        },
        {
          "category": "vendor_fix",
          "date": "2026-05-12T07:00:00.000Z",
          "details": "17.14.31:Security Update:https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes",
          "product_ids": [
            "3"
          ],
          "url": "https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes"
        },
        {
          "category": "vendor_fix",
          "date": "2026-05-12T07:00:00.000Z",
          "details": "16.11.56:Security Update:https://learn.microsoft.com/en-us/visualstudio/releases/2019/release-notes",
          "product_ids": [
            "7"
          ],
          "url": "https://learn.microsoft.com/en-us/visualstudio/releases/2019/release-notes"
        },
        {
          "category": "vendor_fix",
          "date": "2026-05-12T07:00:00.000Z",
          "details": "15.9.80:Security Update:https://learn.microsoft.com/en-us/visualstudio/releases/2017/release-notes",
          "product_ids": [
            "8"
          ],
          "url": "https://learn.microsoft.com/en-us/visualstudio/releases/2017/release-notes"
        },
        {
          "category": "vendor_fix",
          "date": "2026-05-12T07:00:00.000Z",
          "details": "17.12.20:Security Update:https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes",
          "product_ids": [
            "4"
          ],
          "url": "https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalsScore": 0.0,
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 3.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Tampering"
        },
        {
          "category": "exploit_status",
          "details": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely"
        }
      ],
      "title": ".NET Core Tampering Vulnerability"
    }
  ]
}

CVE-2026-32175 (GCVE-0-2026-32175)

Vulnerability from cvelistv5 – Published: 2026-05-12 16:59 – Updated: 2026-05-14 18:08

Title

.NET Core Tampering Vulnerability

Summary

A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system. The security update fixes the vulnerability by ensuring .NET Core properly handles files.

Severity ?

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

CWE

CWE-36 - Absolute Path Traversal

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

8 products

Vendor	Product	Version
Microsoft	.NET 10.0	Affected: 10.0.0 , < 10.0.8 (custom)
Microsoft	.NET 8.0	Affected: 8.0.0 , < 8.0.27 (custom)
Microsoft	.NET 9.0	Affected: 9.0.0 , < 9.0.16 (custom)
Microsoft	Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)	Affected: 15.9.0 , < 15.9.80 (custom)
Microsoft	Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)	Affected: 16.11.0 , < 16.11.56 (custom)
Microsoft	Microsoft Visual Studio 2022 version 17.12	Affected: 17.12.0 , < 17.12.20 (custom)
Microsoft	Microsoft Visual Studio 2022 version 17.14	Affected: 17.14.0 , < 17.14.31 (custom)
Microsoft	Microsoft Visual Studio 2026 version 18.5	Affected: 18.5.0 , < 18.5.3 (custom)

Date Public ?

2026-05-12 14:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-32175",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-12T19:22:38.751667Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T19:22:51.487Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": ".NET 10.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.8",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": ".NET 8.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "8.0.27",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": ".NET 9.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "9.0.16",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.80",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.56",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2022 version 17.12",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.12.20",
              "status": "affected",
              "version": "17.12.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2022 version 17.14",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.14.31",
              "status": "affected",
              "version": "17.14.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2026 version 18.5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.5.3",
              "status": "affected",
              "version": "18.5.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.8",
                  "versionStartIncluding": "10.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "8.0.27",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "9.0.16",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "18.5.3",
                  "versionStartIncluding": "18.5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.14.31",
                  "versionStartIncluding": "17.14.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.11.56",
                  "versionStartIncluding": "16.11.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "15.9.80",
                  "versionStartIncluding": "15.9.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.12.20",
                  "versionStartIncluding": "17.12.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-05-12T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories.\nTo exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system.\nThe security update fixes the vulnerability by ensuring .NET Core properly handles files."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-36",
              "description": "CWE-36: Absolute Path Traversal",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-14T18:08:26.990Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": ".NET Core Tampering Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32175"
        }
      ],
      "title": ".NET Core Tampering Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-32175",
    "datePublished": "2026-05-12T16:59:01.649Z",
    "dateReserved": "2026-03-11T00:26:53.424Z",
    "dateUpdated": "2026-05-14T18:08:26.990Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

MSRC_CVE-2026-32175

CVE-2026-32175 (GCVE-0-2026-32175)

Tags

Sightings

Nomenclature