Home

Description

A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system. The security update fixes the vulnerability by ensuring .NET Core properly handles files.

PUBLISHED Reserved 2026-03-11 | Published 2026-05-12 | Updated 2026-05-20 | Assigner microsoft




MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

Problem types

CWE-36: Absolute Path Traversal

Product status

10.0.0 (custom) before 10.0.8
affected

8.0.0 (custom) before 8.0.27
affected

9.0.0 (custom) before 9.0.16
affected

17.12.0 (custom) before 17.12.20
affected

17.14.0 (custom) before 17.14.31
affected

18.5.0 (custom) before 18.5.3
affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32175 (.NET Core Tampering Vulnerability) vendor-advisory patch

cve.org (CVE-2026-32175)

nvd.nist.gov (CVE-2026-32175)

Download JSON