- Description
- A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system. The security update fixes the vulnerability by ensuring .NET Core properly handles files.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- visual_studio_2022, visual_studio_2026, .net
CVSS 3.1
- Type
- Secondary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
- Severity
- MEDIUM
- Hype score
- Not currently trending
Day 54: Two bounty payouts from @msftsecurity still stuck in error status on @intigriti with zero resolution. Payout IDs: U2QGDMNEHF and 5MUDC521GI. One is for a patched CVE (CVE-2026-32175). #bugbounty #cybersecurity
@artahirdev
29 May 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Day 52: Two bounty payouts from @msftsecurity still stuck in error status on @intigriti with zero resolution. Payout IDs: U2QGDMNEHF and 5MUDC521GI. One is for a patched CVE (CVE-2026-32175).
@artahirdev
27 May 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Day 51: Two bounty payouts from @msftsecurity still stuck in error status on @intigriti with zero resolution. Payout IDs: U2QGDMNEHF and 5MUDC521GI. One is for a patched CVE (CVE-2026-32175).
@artahirdev
26 May 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Day 50: Two bounty payouts from @msftsecurity still stuck in error status on @intigriti with zero resolution. Payout IDs: U2QGDMNEHF and 5MUDC521GI. One is for a patched CVE (CVE-2026-32175).
@artahirdev
25 May 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Day 49: Two bounty payouts from @msftsecurity still stuck in error status on @intigriti with zero resolution. Payout IDs: U2QGDMNEHF and 5MUDC521GI. One is for a patched CVE (CVE-2026-32175).
@artahirdev
24 May 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84C9D69D-F0FC-465F-94B8-832EB58B6788",
"versionEndExcluding": "17.12.20",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "450E6D45-68A5-4C90-869C-20A314303B12",
"versionEndExcluding": "17.14.32",
"versionStartIncluding": "17.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6538F8A2-3412-4A67-98DC-CD3A7BC4117E",
"versionEndExcluding": "18.5.3",
"versionStartIncluding": "18.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22FEE1A6-0E92-4E1A-B3C0-AD8DF6EE7B7B",
"versionEndExcluding": "8.0.27",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F144BCB-8CEA-451A-9048-2A706EA67262",
"versionEndExcluding": "9.0.16",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
]