Heap-based Buffer Overflow in .NET by Microsoft
CVE-2026-32177

7.3HIGH

Key Information:

Vendor: Microsoft
Status: .net 10.0; .net 8.0; .net 9.0; Microsoft .net Framework 3.5
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-32177?

A heap-based buffer overflow vulnerability exists in the .NET framework that can allow an unauthorized attacker to gain elevated privileges on the affected system. Exploiting this vulnerability could lead to unauthorized control over system resources and sensitive data. Users are advised to apply the provided patches immediately to safeguard their systems from potential attacks.

Affected Version(s)

.NET 10.0 10.0.0 < 10.0.8

.NET 8.0 8.0.0 < 8.0.27

.NET 9.0 9.0.0 < 9.0.16

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Mar 11, 2026

CVE-2026-32177 Data

JSON