Home
HIGH: 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 8.0.0 (custom) before 8.0.29
affected
9.0.0 (custom) before 9.0.18
affected
17.12.0 (custom) before 17.12.22
affected
17.14.0 (custom) before 17.14.36
affected
18.0 (custom) before 18.7.4
affected
Description
Deserialization of untrusted data in .NET allows an unauthorized attacker to execute code locally.
Problem types
CWE-502: Deserialization of Untrusted Data
Product status
References
msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50649 (.NET Remote Code Execution Vulnerability)