CVE-2026-32177 | THREATINT

Description

Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.

PUBLISHED Reserved 2026-03-11 | Published 2026-05-12 | Updated 2026-05-19 | Assigner microsoft

HIGH: 7.3CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C

Problem types

CWE-122: Heap-based Buffer Overflow

CWE-20: Improper Input Validation

Product status

10.0.0 (custom) before 10.0.8

affected

8.0.0 (custom) before 8.0.27

affected

9.0.0 (custom) before 9.0.16

affected

3.5.0 (custom) before 4.8.9334.0 and 4.8.4802.0

affected

4.7.0 (custom) before 4.8.9334.0 and 4.8.4802.0

affected

4.8.0 (custom) before 4.8.9334.0 and 4.8.4802.0

affected

4.8.1 (custom) before 4.8.9334.0 and 4.8.4802.0

affected

4.7.0 (custom) before 4.8.9334.0 and 4.8.4802.0

affected

4.8.0 (custom) before 4.8.9334.0 and 4.8.4802.0

affected

17.12.0 (custom) before 17.12.20

affected

17.14.0 (custom) before 17.14.31

affected

18.5.0 (custom) before 18.5.3

affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32177 (.NET Elevation of Privilege Vulnerability) vendor-advisory patch

cve.org (CVE-2026-32177)

nvd.nist.gov (CVE-2026-32177)

Download JSON

help @ threatint.eu