Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| NuGet | Microsoft.NetCore.App.Runtime.linux-arm64 | 8.0.0, 9.0.0, 10.0.0 |
| NuGet | Microsoft.NetCore.App.Runtime.win-arm | 9.0.0, 8.0.0, 10.0.0 |
| NuGet | Microsoft.NetCore.App.Runtime.win-arm64 | 10.0.0, 8.0.0, 9.0.0 |
| Microsoft | Microsoft Visual Studio 2022 version 17.12 | 17.12.0 |
| NuGet | Microsoft.NetCore.App.Runtime.linux-x64 | 9.0.0, 8.0.0, 10.0.0 |
| NuGet | Microsoft.NetCore.App.Runtime.linux-arm | 9.0.0, 8.0.0, 10.0.0 |
| NuGet | Microsoft.NetCore.App.Runtime.win-x64 | 8.0.0, 10.0.0, 9.0.0 |
| Microsoft | Microsoft Visual Studio 2022 version 17.14 | 17.14.0 |
| Microsoft | .NET 8.0 | 8.0, 8.0.0 |
| NuGet | Microsoft.NetCore.App.Runtime.linux-musl-x64 | 8.0.0, 10.0.0, 9.0.0 |
| NuGet | Microsoft.NetCore.App.Runtime.win-x86 | 9.0.0, 8.0.0, 10.0.0 |
| Microsoft | .NET 10.0 | 10.0.0 |
| microsoft | visual_studio_2022 | 17.12.0, 17.14.0 |
| microsoft | .net | 8.0, 10.0.0, 8.0.0 |
| NuGet | Microsoft.NetCore.App.Runtime.linux-musl-arm | 9.0.0, 8.0.0, 10.0.0 |
| NuGet | Microsoft.NetCore.App.Runtime.linux-musl-arm64 | 8.0.0, 9.0.0, 10.0.0 |
| NuGet | Microsoft.NetCore.App.Runtime.osx-x64 | 9.0.0, 10.0.0, 8.0.0 |
| Microsoft | .NET 9.0 | 9.0.0 |
| NuGet | Microsoft.NetCore.App.Runtime.osx-arm64 | 8.0.0, 9.0.0, 10.0.0 |
Timeline
- Apr 14, 2026 CVE Published
- Apr 14, 2026 PoC Published
- Apr 14, 2026 PoC Published
- Apr 15, 2026 Security Advisory
- Apr 15, 2026 Security Advisory
- Apr 16, 2026 Security Advisory
- Apr 16, 2026 Security Advisory
- Apr 16, 2026 Security Advisory
- Apr 16, 2026 Security Advisory
- Apr 16, 2026 Security Advisory
- Apr 16, 2026 Security Advisory
- Apr 16, 2026 Security Advisory
References
- .NET Spoofing Vulnerability vendor-advisory
- https://github.com/dotnet/runtime/security/advisories/GHSA-vmwf-m9c5-3jvc url
- https://nvd.nist.gov/vuln/detail/CVE-2026-32178 advisory
- https://github.com/dotnet/announcements/issues/12345 url
- https://github.com/dotnet/runtime package
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35611 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26143 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34757 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33103 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32176 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32167 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32631 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32203 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32184 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20945 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21637 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23653 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33810 advisory
…and 4 more