CVE-2026-32177

HIGH

Microsoft .NET - Heap Buffer Overflow Privilege Escalation

Title source: manual
STIX 2.1

Description

Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory patch
.NET Elevation of Privilege Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32177

Scores

CVSS v3 7.3
EPSS 0.0010
EPSS Percentile 26.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-122 CWE-20
Status published
Products (14)
Microsoft/.NET 10.0 10.0.0 - 10.0.8
Microsoft/.NET 8.0 8.0.0 - 8.0.27
Microsoft/.NET 9.0 9.0.0 - 9.0.16
Microsoft/Microsoft .NET Framework 3.5 3.5.0 - 4.8.9334.0 and 4.8.4802.0
Microsoft/Microsoft .NET Framework 3.5 AND 4.7.2 4.7.0 - 4.8.9334.0 and 4.8.4802.0
Microsoft/Microsoft .NET Framework 3.5 AND 4.8 4.8.0 - 4.8.9334.0 and 4.8.4802.0
Microsoft/Microsoft .NET Framework 3.5 AND 4.8.1 4.8.1 - 4.8.9334.0 and 4.8.4802.0
Microsoft/Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 4.7.0 - 4.8.9334.0 and 4.8.4802.0
Microsoft/Microsoft .NET Framework 4.8 4.8.0 - 4.8.9334.0 and 4.8.4802.0
Microsoft/Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) 15.9.0 - 15.9.80
... and 4 more
Published May 12, 2026
Tracked Since May 12, 2026