CVE-2026-32177 - Vulnerability Details - OpenCVE

Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	.net Visual Studio 2017 Visual Studio 2019 Visual Studio 2022 Visual Studio 2026

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products

References

Link	Providers
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32177

History

Tue, 12 May 2026 17:30:00 +0000

Type	Values Removed	Values Added
Description		Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
Title		.NET Elevation of Privilege Vulnerability
First Time appeared		Microsoft Microsoft .net Microsoft visual Studio 2017 Microsoft visual Studio 2019 Microsoft visual Studio 2022 Microsoft visual Studio 2026
Weaknesses		CWE-122 CWE-20
CPEs		cpe:2.3:a:microsoft:.net:::::::: cpe:2.3:a:microsoft:visual_studio_2017:::::::: cpe:2.3:a:microsoft:visual_studio_2019:::::::: cpe:2.3:a:microsoft:visual_studio_2022:::::::: cpe:2.3:a:microsoft:visual_studio_2026::::::::
Vendors & Products		Microsoft Microsoft .net Microsoft visual Studio 2017 Microsoft visual Studio 2019 Microsoft visual Studio 2022 Microsoft visual Studio 2026
References		https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32177
Metrics		cvssV3_1 `{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C'}`

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2026-05-12T16:58:15.551Z

Updated: 2026-05-13T03:55:56.029Z

Reserved: 2026-03-11T00:26:53.425Z

Link: CVE-2026-32177

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-12T18:16:58.947

Modified: 2026-05-12T18:16:58.947

Link: CVE-2026-32177

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T20:15:24Z

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32177", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2026-03-11T00:26:53.425Z", "datePublished": "2026-05-12T16:58:15.551Z", "dateUpdated": "2026-05-13T03:55:56.029Z"}, "containers": {"cna": {"title": ".NET Elevation of Privilege Vulnerability", "datePublic": "2026-05-12T14:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.0", "versionEndExcluding": "10.0.8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.0", "versionEndExcluding": "8.0.27"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.0.0", "versionEndExcluding": "9.0.16"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.9.0", "versionEndExcluding": "15.9.80"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.11.0", "versionEndExcluding": "16.11.56"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.12.0", "versionEndExcluding": "17.12.20"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.14.0", "versionEndExcluding": "17.14.31"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*", "versionStartIncluding": "18.5.0", "versionEndExcluding": "18.5.3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.8.0", "versionEndExcluding": "4.8.9334.0 and 4.8.4802.0"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.8.0", "versionEndExcluding": "4.8.9334.0 and 4.8.4802.0"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.7.0", "versionEndExcluding": "4.8.9334.0 and 4.8.4802.0"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.7.0", "versionEndExcluding": "4.8.9334.0 and 4.8.4802.0"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.8.1", "versionEndExcluding": "4.8.9334.0 and 4.8.4802.0"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.5.0", "versionEndExcluding": "4.8.9334.0 and 4.8.4802.0"}]}]}], "affected": [{"vendor": "Microsoft", "product": ".NET 10.0", "versions": [{"version": "10.0.0", "lessThan": "10.0.8", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": ".NET 8.0", "versions": [{"version": "8.0.0", "lessThan": "8.0.27", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": ".NET 9.0", "versions": [{"version": "9.0.0", "lessThan": "9.0.16", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft .NET Framework 3.5", "platforms": ["Windows Server 2012", "Windows Server 2012 R2"], "versions": [{"version": "3.5.0", "lessThan": "4.8.9334.0 and 4.8.4802.0", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft .NET Framework 3.5 AND 4.7.2", "platforms": ["Windows 10 Version 1809 for x64-based Systems"], "versions": [{"version": "4.7.0", "lessThan": "4.8.9334.0 and 4.8.4802.0", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft .NET Framework 3.5 AND 4.8", "platforms": ["Windows 10 Version 1809 for x64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", "Windows Server 2022"], "versions": [{"version": "4.8.0", "lessThan": "4.8.9334.0 and 4.8.4802.0", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft .NET Framework 3.5 AND 4.8.1", "platforms": ["Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", "Windows 11 Version 22H2 for x64-based Systems", "Windows 11 Version 23H2 for x64-based Systems", "Windows 11 Version 24H2 for x64-based Systems", "Windows 11 Version 25H2 for ARM64-based Systems", "Windows 11 Version 25H2 for x64-based Systems", "Windows 11 Version 26H1 for ARM64-based Systems", "Windows 11 Version 26H1 for x64-based Systems", "Windows Server 2022"], "versions": [{"version": "4.8.1", "lessThan": "4.8.9334.0 and 4.8.4802.0", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", "platforms": ["Windows Server 2012", "Windows Server 2012 R2"], "versions": [{"version": "4.7.0", "lessThan": "4.8.9334.0 and 4.8.4802.0", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft .NET Framework 4.8", "platforms": ["Windows 10 Version 1607 for x64-based Systems", "Windows Server 2012", "Windows Server 2012 R2"], "versions": [{"version": "4.8.0", "lessThan": "4.8.9334.0 and 4.8.4802.0", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", "versions": [{"version": "15.9.0", "lessThan": "15.9.80", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", "versions": [{"version": "16.11.0", "lessThan": "16.11.56", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.12", "versions": [{"version": "17.12.0", "lessThan": "17.12.20", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.14", "versions": [{"version": "17.14.0", "lessThan": "17.14.31", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2026 version 18.5", "versions": [{"version": "18.5.0", "lessThan": "18.5.3", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE", "cweId": "CWE-122"}, {"description": "CWE-20: Improper Input Validation", "lang": "en-US", "type": "CWE", "cweId": "CWE-20"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-12T17:53:14.074Z"}, "references": [{"name": ".NET Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32177"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C"}}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-07T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-32177"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-13T03:55:56.029Z"}}]}}