PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-32178 Microsoft CVE debrief

CVE-2026-32178 is a high-severity spoofing vulnerability in .NET that allows unauthorized attackers to perform spoofing over a network. The vulnerability has a CVSS score of 7.5 and is considered high severity. Microsoft has released an advisory on this vulnerability. Multiple Red Hat errata have been released to address this vulnerability. The vulnerability affects .NET versions 8.0.0 to 8.0.26, 9.0.0 to 9.0.15, and 10.0.0 to 10.0.6. Visual Studio 2022 versions 17.12.0 to 17.12.19 and 17.14.0 to 17.14.30 are also affected.

Vendor
Microsoft
Product
.NET 10.0
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-04-14
Original CVE updated
2026-06-30
Advisory published
2026-04-14
Advisory updated
2026-06-30

Who should care

Organizations using .NET, Visual Studio 2022, or Red Hat products should prioritize patching this vulnerability. The vulnerability allows for spoofing over a network, which could lead to unauthorized access or malicious activity. Red Hat and Microsoft have released advisories and patches to address this issue.

Technical summary

CVE-2026-32178 is a spoofing vulnerability in .NET that allows unauthorized attackers to perform spoofing over a network. The vulnerability is caused by improper neutralization of special elements. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. Affected products include .NET versions 8.0.0 to 8.0.26, 9.0.0 to 9.0.15, and 10.0.0 to 10.0.6, as well as Visual Studio 2022 versions 17.12.0 to 17.12.19 and 17.14.0 to 17.14.30.

Defensive priority

High priority should be given to patching this vulnerability, as it allows for spoofing over a network. Organizations should review their .NET and Visual Studio 2022 deployments and apply patches as necessary.

Recommended defensive actions

  • Apply patches for .NET versions 8.0.0 to 8.0.26, 9.0.0 to 9.0.15, and 10.0.0 to 10.0.6.
  • Apply patches for Visual Studio 2022 versions 17.12.0 to 17.12.19 and 17.14.0 to 17.14.30.
  • Review and apply Red Hat errata RHSA-2026:13280, RHSA-2026:13281, RHSA-2026:13282, RHSA-2026:13283, and RHSA-2026:13693.
  • Monitor network activity for suspicious spoofing attempts.
  • Implement additional security measures, such as network segmentation and access controls, to reduce the attack surface.

Evidence notes

The CVE record and NVD detail provide information on the vulnerability and its CVSS score. Microsoft has released an advisory on this vulnerability, and Red Hat has released multiple errata to address it. The vulnerability affects multiple versions of .NET and Visual Studio 2022.

Official resources

This article is AI-assisted and based on the supplied source corpus.