CVE-2026-32175 MEDIUM

CVE-2026-32175: .NET Core Tampering Vulnerability

Vendor Microsoft
Product .NET 10.0
Weakness CWE-36
Published May 12, 2026
Last update June 9, 2026

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

What the vulnerability does

01Description

A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system. The security update fixes the vulnerability by ensuring .NET Core properly handles files.

Key dates

02Disclosure timeline

May 12, 2026 CVE published
June 9, 2026 Record updated