Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-32177
PUBLISHED
More InfoOfficial Page
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
View Known Exploited Vulnerability (KEV) details
Published At-12 May, 2026 | 16:58
Updated At-15 May, 2026 | 17:12
Rejected At-
▼CVE Numbering Authority (CNA)
.NET Elevation of Privilege Vulnerability

Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
.NET 10.0
Versions
Affected
  • From 10.0.0 before 10.0.8 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
.NET 8.0
Versions
Affected
  • From 8.0.0 before 8.0.27 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
.NET 9.0
Versions
Affected
  • From 9.0.0 before 9.0.16 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft .NET Framework 3.5
Platforms
  • Windows Server 2012
  • Windows Server 2012 R2
Versions
Affected
  • From 3.5.0 before 4.8.9334.0 and 4.8.4802.0 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft .NET Framework 3.5 AND 4.7.2
Platforms
  • Windows 10 Version 1809 for ARM64-based Systems
  • Windows 10 Version 1809 for x64-based Systems
Versions
Affected
  • From 4.7.0 before 4.8.9334.0 and 4.8.4802.0 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft .NET Framework 3.5 AND 4.8
Platforms
  • Windows 10 Version 1809 for ARM64-based Systems
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 21H2 for x64-based Systems
  • Windows 10 Version 22H2 for ARM64-based Systems
  • Windows 10 Version 22H2 for x64-based Systems
  • Windows Server 2022
Versions
Affected
  • From 4.8.0 before 4.8.9334.0 and 4.8.4802.0 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft .NET Framework 3.5 AND 4.8.1
Platforms
  • Windows 10 Version 21H2 for ARM64-based Systems
  • Windows 10 Version 22H2 for ARM64-based Systems
  • Windows 10 Version 22H2 for x64-based Systems
  • Windows 11 Version 22H2 for x64-based Systems
  • Windows 11 Version 23H2 for x64-based Systems
  • Windows 11 Version 24H2 for ARM64-based Systems
  • Windows 11 Version 24H2 for x64-based Systems
  • Windows 11 Version 25H2 for ARM64-based Systems
  • Windows 11 Version 25H2 for x64-based Systems
  • Windows 11 Version 26H1 for ARM64-based Systems
  • Windows 11 Version 26H1 for x64-based Systems
  • Windows 11 version 26H1 for x64-based Systems
  • Windows Server 2022
  • Windows Server 2025
Versions
Affected
  • From 4.8.1 before 4.8.9334.0 and 4.8.4802.0 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
Platforms
  • Windows Server 2012
  • Windows Server 2012 R2
Versions
Affected
  • From 4.7.0 before 4.8.9334.0 and 4.8.4802.0 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft .NET Framework 4.8
Platforms
  • Windows 10 Version 1607 for x64-based Systems
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
Versions
Affected
  • From 4.8.0 before 4.8.9334.0 and 4.8.4802.0 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Versions
Affected
  • From 15.9.0 before 15.9.80 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Versions
Affected
  • From 16.11.0 before 16.11.56 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Visual Studio 2022 version 17.12
Versions
Affected
  • From 17.12.0 before 17.12.20 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Visual Studio 2022 version 17.14
Versions
Affected
  • From 17.14.0 before 17.14.31 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Visual Studio 2026 version 18.5
Versions
Affected
  • From 18.5.0 before 18.5.3 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-122CWE-122: Heap-based Buffer Overflow
CWECWE-20CWE-20: Improper Input Validation
Type: CWE
CWE ID: CWE-122
Description: CWE-122: Heap-based Buffer Overflow
Type: CWE
CWE ID: CWE-20
Description: CWE-20: Improper Input Validation
Metrics
VersionBase scoreBase severityVector
3.17.3HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32177
vendor-advisory
patch
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32177
Resource:
vendor-advisory
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found