{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32175", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2026-03-11T00:26:53.424Z", "datePublished": "2026-05-12T16:59:01.649Z", "dateUpdated": "2026-06-19T16:12:35.340Z"}, "containers": {"cna": {"title": ".NET Core Tampering Vulnerability", "datePublic": "2026-05-12T14:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.0", "versionEndExcluding": "10.0.8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.0", "versionEndExcluding": "8.0.27"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.0.0", "versionEndExcluding": "9.0.16"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*", "versionStartIncluding": "18.5.0", "versionEndExcluding": "18.5.3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.14.0", "versionEndExcluding": "17.14.32"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.12.0", "versionEndExcluding": "17.12.20"}]}]}], "affected": [{"vendor": "Microsoft", "product": ".NET 10.0", "versions": [{"version": "10.0.0", "lessThan": "10.0.8", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": ".NET 8.0", "versions": [{"version": "8.0.0", "lessThan": "8.0.27", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": ".NET 9.0", "versions": [{"version": "9.0.0", "lessThan": "9.0.16", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.12", "versions": [{"version": "17.12.0", "lessThan": "17.12.20", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.14", "versions": [{"version": "17.14.0", "lessThan": "17.14.32", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2026 version 18.5", "versions": [{"version": "18.5.0", "lessThan": "18.5.3", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories.\nTo exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system.\nThe security update fixes the vulnerability by ensuring .NET Core properly handles files.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-36: Absolute Path Traversal", "lang": "en-US", "type": "CWE", "cweId": "CWE-36"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-06-19T16:12:35.340Z"}, "references": [{"name": ".NET Core Tampering Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32175"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "MEDIUM", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-12T19:22:38.751667Z", "id": "CVE-2026-32175", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-12T19:22:51.487Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32175", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-05-12T19:22:38.751667Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-12T19:22:44.313Z"}}], "cna": {"title": ".NET Core Tampering Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": ".NET 10.0", "versions": [{"status": "affected", "version": "10.0.0", "lessThan": "10.0.8", "versionType": "custom"}]}, {"vendor": "Microsoft", "product": ".NET 8.0", "versions": [{"status": "affected", "version": "8.0.0", "lessThan": "8.0.27", "versionType": "custom"}]}, {"vendor": "Microsoft", "product": ".NET 9.0", "versions": [{"status": "affected", "version": "9.0.0", "lessThan": "9.0.16", "versionType": "custom"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.12", "versions": [{"status": "affected", "version": "17.12.0", "lessThan": "17.12.20", "versionType": "custom"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.14", "versions": [{"status": "affected", "version": "17.14.0", "lessThan": "17.14.32", "versionType": "custom"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2026 version 18.5", "versions": [{"status": "affected", "version": "18.5.0", "lessThan": "18.5.3", "versionType": "custom"}]}], "datePublic": "2026-05-12T14:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32175", "name": ".NET Core Tampering Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories.\nTo exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system.\nThe security update fixes the vulnerability by ensuring .NET Core properly handles files."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-36", "description": "CWE-36: Absolute Path Traversal"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0.8", "versionStartIncluding": "10.0.0"}, {"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "8.0.27", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "9.0.16", "versionStartIncluding": "9.0.0"}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "18.5.3", "versionStartIncluding": "18.5.0"}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "17.14.32", "versionStartIncluding": "17.14.0"}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "17.12.20", "versionStartIncluding": "17.12.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-06-19T16:12:35.340Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32175", "state": "PUBLISHED", "dateUpdated": "2026-06-19T16:12:35.340Z", "dateReserved": "2026-03-11T00:26:53.424Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-05-12T16:59:01.649Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"affected": [{"affectedData": [{"product": ".NET 10.0", "vendor": "Microsoft", "versions": [{"lessThan": "10.0.8", "status": "affected", "version": "10.0.0", "versionType": "custom"}]}, {"product": ".NET 8.0", "vendor": "Microsoft", "versions": [{"lessThan": "8.0.27", "status": "affected", "version": "8.0.0", "versionType": "custom"}]}, {"product": ".NET 9.0", "vendor": "Microsoft", "versions": [{"lessThan": "9.0.16", "status": "affected", "version": "9.0.0", "versionType": "custom"}]}, {"product": "Microsoft Visual Studio 2022 version 17.12", "vendor": "Microsoft", "versions": [{"lessThan": "17.12.20", "status": "affected", "version": "17.12.0", "versionType": "custom"}]}, {"product": "Microsoft Visual Studio 2022 version 17.14", "vendor": "Microsoft", "versions": [{"lessThan": "17.14.32", "status": "affected", "version": "17.14.0", "versionType": "custom"}]}, {"product": "Microsoft Visual Studio 2026 version 18.5", "vendor": "Microsoft", "versions": [{"lessThan": "18.5.3", "status": "affected", "version": "18.5.0", "versionType": "custom"}]}], "source": "secure@microsoft.com"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories.\nTo exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system.\nThe security update fixes the vulnerability by ensuring .NET Core properly handles files."}], "id": "CVE-2026-32175", "lastModified": "2026-06-17T10:35:17.383", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "secure@microsoft.com", "type": "Secondary"}], "ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-32175", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "role": "CISA Coordinator", "timestamp": "2026-05-12T19:22:38.751667Z", "version": "2.0.3"}}]}, "published": "2026-05-12T18:16:58.737", "references": [{"source": "secure@microsoft.com", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32175"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-36"}], "source": "secure@microsoft.com", "type": "Secondary"}]}

{"bugzilla": {"description": "dotnet: .NET: improper handling of files allows an attacker to write to certain locations", "id": "2476651", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476651"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "status": "draft"}, "cwe": "CWE-36", "details": ["A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories.\nTo exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system.\nThe security update fixes the vulnerability by ensuring .NET Core properly handles files.", "A flaw was found in dotnet. Improper handling of specially crafted files can cause a path traversal vulnerability in .NET Core, allowing an attacker who can send a malicious file to a vulnerable system to write to arbitrary files and directories in certain locations."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-32175", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Under investigation", "package_name": "dotnet10.0", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Under investigation", "package_name": "dotnet8.0", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Under investigation", "package_name": "dotnet9.0", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "dotnet10.0", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "dotnet8.0", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "dotnet9.0", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Under investigation", "package_name": "dotnet10.0", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Under investigation", "package_name": "dotnet8.0", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Under investigation", "package_name": "dotnet9.0", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:hummingbird:1", "fix_state": "Under investigation", "package_name": "dotnet10.0", "product_name": "Red Hat Hardened Images"}, {"cpe": "cpe:/a:redhat:hummingbird:1", "fix_state": "Under investigation", "package_name": "dotnet8.0", "product_name": "Red Hat Hardened Images"}, {"cpe": "cpe:/a:redhat:hummingbird:1", "fix_state": "Under investigation", "package_name": "dotnet9.0", "product_name": "Red Hat Hardened Images"}], "public_date": "2026-05-12T16:59:01Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-32175\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-32175\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32175"], "statement": "This vulnerability can be exploited by an attacker who can send specially crafted files to a vulnerable system. However, the attacker has limited control over the destination of the files and directories that can be accessed, limiting the impact of this flaw. Due to these reasons, this issue has been rated with a moderate severity.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[10.0.0,10.0.8)"}}], "enrichment": {"confidence": 85.0, "confidence_source": "matching", "scores": [{"score": 85.0, "source": "matching"}]}, "original": {"product": ".NET 10.0", "source": "cna", "vendor": "Microsoft"}, "product": ".net", "vendor": "microsoft"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[8.0.0,8.0.27)"}}], "enrichment": {"confidence": 88.0, "confidence_source": "matching", "scores": [{"score": 88.0, "source": "matching"}]}, "original": {"product": ".NET 8.0", "source": "cna", "vendor": "Microsoft"}, "product": ".net", "vendor": "microsoft"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[9.0.0,9.0.16)"}}], "enrichment": {"confidence": 88.0, "confidence_source": "matching", "scores": [{"score": 88.0, "source": "matching"}]}, "original": {"product": ".NET 9.0", "source": "cna", "vendor": "Microsoft"}, "product": ".net", "vendor": "microsoft"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[17.14.0,17.14.31)"}}], "enrichment": {"confidence": 84.0, "confidence_source": "matching", "scores": [{"score": 84.0, "source": "matching"}]}, "original": {"product": "Microsoft Visual Studio 2022 version 17.14", "source": "cna", "vendor": "Microsoft"}, "product": "microsoft_visual_studio_2022", "vendor": "microsoft"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[15.9.0,15.9.80)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", "source": "cna", "vendor": "Microsoft"}, "product": "visual_studio_2017", "vendor": "microsoft"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[16.11.0,16.11.56)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", "source": "cna", "vendor": "Microsoft"}, "product": "visual_studio_2019", "vendor": "microsoft"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[17.12.0,17.12.20)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Microsoft Visual Studio 2022 version 17.12", "source": "cna", "vendor": "Microsoft"}, "product": "visual_studio_2022", "vendor": "microsoft"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[18.5.0,18.5.3)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Microsoft Visual Studio 2026 version 18.5", "source": "cna", "vendor": "Microsoft"}, "product": "visual_studio_2026", "vendor": "microsoft"}], "created": "2026-05-12T19:00:20.295383+00:00", "updated": "2026-05-13T10:00:10.877006+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$.net", "microsoft$PRODUCT$microsoft_visual_studio_2022", "microsoft$PRODUCT$visual_studio_2017", "microsoft$PRODUCT$visual_studio_2019", "microsoft$PRODUCT$visual_studio_2022", "microsoft$PRODUCT$visual_studio_2026"]}