CVE-2026-32177

HIGH7.3Memory safety

JSON export Create alert

Description

Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

E

Unchanged

RL

O

RC

Changed

Affected products

Microsoft / Microsoft .NET Framework 3.53.5.0 – 4.8.9334.0 and 4.8.4802.0
Microsoft / Microsoft .NET Framework 3.5 AND 4.7.24.7.0 – 4.8.9334.0 and 4.8.4802.0
Microsoft / Microsoft .NET Framework 3.5 AND 4.84.8.0 – 4.8.9334.0 and 4.8.4802.0
Microsoft / Microsoft .NET Framework 3.5 AND 4.8.14.8.1 – 4.8.9334.0 and 4.8.4802.0
Microsoft / Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.24.7.0 – 4.8.9334.0 and 4.8.4802.0
Microsoft / Microsoft .NET Framework 4.84.8.0 – 4.8.9334.0 and 4.8.4802.0
Microsoft / Microsoft Visual Studio 2022 version 17.1217.12.0 – 17.12.20
Microsoft / Microsoft Visual Studio 2022 version 17.1417.14.0 – 17.14.32
Microsoft / Microsoft Visual Studio 2026 version 18.518.5.0 – 18.5.3
Microsoft / .NET 10.010.0.0 – 10.0.8
Microsoft / .NET 8.08.0.0 – 8.0.27
Microsoft / .NET 9.09.0.0 – 9.0.16

References

VENDOR_ADVISORYhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32177