CVE-2022-41032

HIGH

NuGet Client - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-41032. PoCs published by ethomson.

AI-analyzed exploit summary This is a minimal stub demonstrating the structure of a potential attack against Newtonsoft.Json, but it lacks any exploitative functionality. The 'attack' method only writes a benign string.

Description

NuGet Client Elevation of Privilege Vulnerability

Exploits (1)

nomisec STUB 1 stars
by ethomson · poc
https://github.com/ethomson/cve-2022-41032

This is a minimal stub demonstrating the structure of a potential attack against Newtonsoft.Json, but it lacks any exploitative functionality. The 'attack' method only writes a benign string.

Classification
Stub 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Newtonsoft.Json (version unspecified)
No auth needed
Prerequisites: None
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Scores

CVSS v3 7.8
EPSS 0.1955
EPSS Percentile 95.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-269
Status published
Products (12)
fedoraproject/fedora 35
fedoraproject/fedora 36
fedoraproject/fedora 37
microsoft/.net 6.0.0
microsoft/.net_core 3.1
microsoft/visual_studio_2019 16.0.0 - 16.9.26
microsoft/visual_studio_2022 17.0 - 17.0.15
microsoft/visual_studio_2022 17.3 - 17.3.6
microsoft/visual_studio_2022 17.3 - 17.3.7
nuget/NuGet.CommandLine 4.6.0 - 4.9.6NuGet
... and 2 more
Published Oct 11, 2022
Tracked Since Feb 18, 2026