PatchSiren cyber security CVE debrief
CVE-2026-32178 Microsoft CVE debrief
CVE-2026-32178 is a high-severity spoofing vulnerability in .NET that allows unauthorized attackers to perform spoofing over a network. The vulnerability has a CVSS score of 7.5 and is considered high severity. Microsoft has released an advisory on this vulnerability. Multiple Red Hat errata have been released to address this vulnerability. The vulnerability affects .NET versions 8.0.0 to 8.0.26, 9.0.0 to 9.0.15, and 10.0.0 to 10.0.6. Visual Studio 2022 versions 17.12.0 to 17.12.19 and 17.14.0 to 17.14.30 are also affected.
- Vendor
- Microsoft
- Product
- .NET 10.0
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-04-14
- Original CVE updated
- 2026-06-30
- Advisory published
- 2026-04-14
- Advisory updated
- 2026-06-30
Who should care
Organizations using .NET, Visual Studio 2022, or Red Hat products should prioritize patching this vulnerability. The vulnerability allows for spoofing over a network, which could lead to unauthorized access or malicious activity. Red Hat and Microsoft have released advisories and patches to address this issue.
Technical summary
CVE-2026-32178 is a spoofing vulnerability in .NET that allows unauthorized attackers to perform spoofing over a network. The vulnerability is caused by improper neutralization of special elements. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. Affected products include .NET versions 8.0.0 to 8.0.26, 9.0.0 to 9.0.15, and 10.0.0 to 10.0.6, as well as Visual Studio 2022 versions 17.12.0 to 17.12.19 and 17.14.0 to 17.14.30.
Defensive priority
High priority should be given to patching this vulnerability, as it allows for spoofing over a network. Organizations should review their .NET and Visual Studio 2022 deployments and apply patches as necessary.
Recommended defensive actions
- Apply patches for .NET versions 8.0.0 to 8.0.26, 9.0.0 to 9.0.15, and 10.0.0 to 10.0.6.
- Apply patches for Visual Studio 2022 versions 17.12.0 to 17.12.19 and 17.14.0 to 17.14.30.
- Review and apply Red Hat errata RHSA-2026:13280, RHSA-2026:13281, RHSA-2026:13282, RHSA-2026:13283, and RHSA-2026:13693.
- Monitor network activity for suspicious spoofing attempts.
- Implement additional security measures, such as network segmentation and access controls, to reduce the attack surface.
Evidence notes
The CVE record and NVD detail provide information on the vulnerability and its CVSS score. Microsoft has released an advisory on this vulnerability, and Red Hat has released multiple errata to address it. The vulnerability affects multiple versions of .NET and Visual Studio 2022.
Official resources
-
CVE-2026-32178 CVE record
CVE.org
-
CVE-2026-32178 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article is AI-assisted and based on the supplied source corpus.