CVE-2026-32178

HIGH7.5JSON export Create alert

Description

Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

E

Unchanged

RL

O

RC

Changed

Affected products

Microsoft / Microsoft Visual Studio 2022 version 17.1217.12.0 – 17.12.19
Microsoft / Microsoft Visual Studio 2022 version 17.1417.14.0 – 17.14.30
Microsoft / .NET 10.010.0.0 – 10.0.6
Microsoft / .NET 8.08.0 – 8.0.26
Microsoft / .NET 8.08.0.0 – 8.0.26
Microsoft / .NET 9.09.0.0 – 9.0.15

References

VENDOR_ADVISORYhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32178