CVE-2026-32175
MEDIUM.NET 10.0 < 10.0.8, 9.0 < 9.0.16, 8.0 < 8.0.27 - Path Traversal and Arbitrary File Write
Title source: llmDescription
A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system. The security update fixes the vulnerability by ensuring .NET Core properly handles files.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
patch
.NET Core Tampering Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32175
Scores
CVSS v3
4.3
EPSS
0.0003
EPSS Percentile
9.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-36
Status
published
Products (20)
Microsoft/.NET 10.0
10.0.0 - 10.0.8
Microsoft/.NET 8.0
8.0.0 - 8.0.27
Microsoft/.NET 9.0
9.0.0 - 9.0.16
Microsoft/Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
15.9.0 - 15.9.80
Microsoft/Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
16.11.0 - 16.11.56
Microsoft/Microsoft Visual Studio 2022 version 17.12
17.12.0 - 17.12.20
Microsoft/Microsoft Visual Studio 2022 version 17.14
17.14.0 - 17.14.31
Microsoft/Microsoft Visual Studio 2026 version 18.5
18.5.0 - 18.5.3
nuget/Microsoft.NetCore.App.Runtime.win-arm
10.0.0 - 10.0.8NuGet
nuget/Microsoft.NetCore.App.Runtime.win-arm
8.0.0 - 8.0.27NuGet
... and 10 more
Published
May 12, 2026
Tracked Since
May 12, 2026