HIGHCVE-2026-32177Published Modified CNA microsoft
CVE-2026-32177: .NET Elevation of Privilege Vulnerability
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
Metrics
- CVSS v3.1
- 7.3
- Severity
- HIGH
- Fixed in
- 4.8.9334.0 and 4.8.4802.0
- Affected Products
- 12
Fix available
4.8.9334.0 and 4.8.4802.08.0.279.0.1610.0.817.12.2017.14.3118.5.3
Patch commits
Affected packages
- Microsoft / .NET 10.0< 10.0.8 (from 10.0.0)
- Microsoft / .NET 8.0< 8.0.27 (from 8.0.0)
- Microsoft / .NET 9.0< 9.0.16 (from 9.0.0)
- Microsoft / Microsoft .NET Framework 3.5< 4.8.9334.0 and 4.8.4802.0 (from 3.5.0)
- Microsoft / Microsoft .NET Framework 3.5 AND 4.7.2< 4.8.9334.0 and 4.8.4802.0 (from 4.7.0)
- Microsoft / Microsoft .NET Framework 3.5 AND 4.8< 4.8.9334.0 and 4.8.4802.0 (from 4.8.0)
- Microsoft / Microsoft .NET Framework 3.5 AND 4.8.1< 4.8.9334.0 and 4.8.4802.0 (from 4.8.1)
- Microsoft / Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2< 4.8.9334.0 and 4.8.4802.0 (from 4.7.0)
- Microsoft / Microsoft .NET Framework 4.8< 4.8.9334.0 and 4.8.4802.0 (from 4.8.0)
- Microsoft / Microsoft Visual Studio 2022 version 17.12< 17.12.20 (from 17.12.0)
- Microsoft / Microsoft Visual Studio 2022 version 17.14< 17.14.31 (from 17.14.0)
- Microsoft / Microsoft Visual Studio 2026 version 18.5< 18.5.3 (from 18.5.0)
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C