Tampering Vulnerability in .NET Core by Microsoft
CVE-2026-32175

4.3MEDIUM

Key Information:

Vendor: Microsoft
Status: .net 10.0; .net 8.0; .net 9.0; Microsoft Visual Studio 2017 Version 15.9 (includes 15.0 - 15.8)
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-32175?

A tampering vulnerability exists in .NET Core, where the framework inadequately processes specially crafted files. This flaw allows an attacker to potentially write arbitrary files and directories to specific locations on a compromised system. While the attacker will have limited control over where these files are placed, the risk of unauthorized data manipulation remains significant. Exploiting this vulnerability requires the attacker to send a specifically crafted file to the vulnerable application. A security update has been released to address this issue, ensuring that .NET Core correctly manages file handling.

Affected Version(s)

.NET 10.0 10.0.0 < 10.0.8

.NET 8.0 8.0.0 < 8.0.27

.NET 9.0 9.0.0 < 9.0.16

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Mar 11, 2026

CVE-2026-32175 Data

JSON