Net Microsoft Net

  1. Vendors
  2. Microsoft
  3. Net

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Net.

Recent Microsoft Net Security Advisories

Advisory Title Published
CVE-2026-3783 CVE-2026-3783 token leak with redirect and netrc March 12, 2026
CVE-2026-25679 CVE-2026-25679 Incorrect parsing of IPv6 host literals in net/url March 12, 2026
CVE-2026-26127 CVE-2026-26127 .NET Denial of Service Vulnerability March 10, 2026
CVE-2026-26130 CVE-2026-26130 ASP.NET Core Denial of Service Vulnerability March 10, 2026
CVE-2026-26131 CVE-2026-26131 .NET Elevation of Privilege Vulnerability March 10, 2026
CVE-2026-27141 CVE-2026-27141 Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net March 5, 2026
CVE-2026-23231 CVE-2026-23231 netfilter: nf_tables: fix use-after-free in nf_tables_addchain() March 5, 2026
CVE-2026-28417 CVE-2026-28417 Vim has OS Command Injection in netrw March 1, 2026
CVE-2026-22999 CVE-2026-22999 net/sched: sch_qfq: do not free existing class in qfq_change_class() February 28, 2026
CVE-2026-22997 CVE-2026-22997 net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts February 28, 2026

By the Year

In 2026 there have been 3 vulnerabilities in Microsoft Net with an average score of 7.6 out of ten. Last year, in 2025 Net had 8 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Net in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.26.




Year Vulnerabilities Average Score
2026 3 7.60
2025 8 7.34
2024 16 7.55
2023 31 7.54
2022 10 7.05
2021 8 6.76
2020 4 5.00

It may take a day or so for new Net vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Net Security Vulnerabilities

Mar 2026: .NET Denial of Service Vulnerability
CVE-2026-26127 7.5 - High - March 10, 2026

Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.

Out-of-bounds Read

Mar 2026: .NET Elevation of Privilege Vulnerability
CVE-2026-26131 7.8 - High - March 10, 2026

Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally.

Incorrect Default Permissions

Feb 2026: .NET Spoofing Vulnerability
CVE-2026-21218 7.5 - High - February 10, 2026

Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.

Improper Handling of Missing Special Element

Oct 2025: .NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability
CVE-2025-55248 4.8 - Medium - October 14, 2025

Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.

Inadequate Encryption Strength

Oct 2025: .NET Elevation of Privilege Vulnerability
CVE-2025-55247 7.3 - High - October 14, 2025

Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally.

insecure temporary file

Jun 2025: .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2025-30399 7.5 - High - June 13, 2025

Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.

Untrusted Path

May 2025: .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability
CVE-2025-26646 8 - High - May 13, 2025

External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.

External Control of File Name or Path

Jan 2025: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21176 8.8 - High - January 14, 2025

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

Buffer Over-read

Jan 2025: .NET Elevation of Privilege Vulnerability
CVE-2025-21173 7.3 - High - January 14, 2025

.NET Elevation of Privilege Vulnerability

Creation of Temporary File in Directory with Insecure Permissions

Jan 2025: .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21172 7.5 - High - January 14, 2025

.NET and Visual Studio Remote Code Execution Vulnerability

Integer Overflow or Wraparound

Jan 2025: .NET Remote Code Execution Vulnerability
CVE-2025-21171 7.5 - High - January 14, 2025

.NET Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Microsoft .NET & Visual Studio Info Disclosure CVE-2024-38167
CVE-2024-38167 6.5 - Medium - August 13, 2024

.NET and Visual Studio Information Disclosure Vulnerability

Cleartext Transmission of Sensitive Information

Denial of Service in Microsoft .NET Framework & Visual Studio
CVE-2024-38168 7.5 - High - August 13, 2024

.NET and Visual Studio Denial of Service Vulnerability

Jul 2024: .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
CVE-2024-38081 7.3 - High - July 09, 2024

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

insecure temporary file

Jul 2024: .NET and Visual Studio Denial of Service Vulnerability
CVE-2024-30105 7.5 - High - July 09, 2024

.NET and Visual Studio Denial of Service Vulnerability

Resource Exhaustion

Jul 2024: .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-35264 8.1 - High - July 09, 2024

.NET and Visual Studio Remote Code Execution Vulnerability

Dangling pointer

Jul 2024: .NET and Visual Studio Denial of Service Vulnerability
CVE-2024-38095 7.5 - High - July 09, 2024

.NET and Visual Studio Denial of Service Vulnerability

Improper Input Validation

Microsoft .NET & VS Remote Code Execution via RCE Vulnerability
CVE-2024-30045 6.3 - Medium - May 14, 2024

.NET and Visual Studio Remote Code Execution Vulnerability

Visual Studio DoS via malformed input
CVE-2024-30046 - May 14, 2024

Visual Studio Denial of Service Vulnerability

Race Condition

Microsoft .NET Framework & Visual Studio RCE via CVE-2024-21409
CVE-2024-21409 7.3 - High - April 09, 2024

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

Mar 2024: .NET Framework Information Disclosure Vulnerability
CVE-2024-29059 7.5 - High - March 23, 2024

.NET Framework Information Disclosure Vulnerability

Generation of Error Message Containing Sensitive Information

Microsoft QUIC DoS via malformed QUIC packets
CVE-2024-26190 7.5 - High - March 12, 2024

Microsoft QUIC Denial of Service Vulnerability

.NET / Visual Studio DoS Vulnerability (CVE-2024-21392)
CVE-2024-21392 7.5 - High - March 12, 2024

.NET and Visual Studio Denial of Service Vulnerability

Microsoft Identity Platform DoS Vulnerability (CVE-2024-21319)
CVE-2024-21319 6.8 - Medium - January 09, 2024

Microsoft Identity Denial of service vulnerability

Microsoft.Data.SqlClient SQL Feature Bypass Vulnerability
CVE-2024-0056 8.7 - High - January 09, 2024

Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability

Microsoft .NET Framework Security Bypass CVE-2024-0057
CVE-2024-0057 9.8 - Critical - January 09, 2024

NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability

.NET DoS Vulnerability (CVE-2024-20672)
CVE-2024-20672 7.5 - High - January 09, 2024

.NET Denial of Service Vulnerability

Nov 2023: ASP.NET Core Security Feature Bypass Vulnerability
CVE-2023-36558 6.2 - Medium - November 14, 2023

ASP.NET Core Security Feature Bypass Vulnerability

Nov 2023: ASP.NET Core Denial of Service Vulnerability
CVE-2023-36038 8.2 - High - November 14, 2023

ASP.NET Core Denial of Service Vulnerability

Resource Exhaustion

Nov 2023: .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
CVE-2023-36049 7.6 - High - November 14, 2023

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

Improper Input Validation

Nov 2023: Visual Studio Denial of Service Vulnerability
CVE-2023-36042 6.2 - Medium - November 14, 2023

Visual Studio Denial of Service Vulnerability

Heap-based Buffer Overflow

Nov 2023: ASP.NET Security Feature Bypass Vulnerability
CVE-2023-36560 8.8 - High - November 14, 2023

ASP.NET Security Feature Bypass Vulnerability

Microsoft QUIC component DoS via malformed packet
CVE-2023-38171 7.5 - High - October 10, 2023

Microsoft QUIC Denial of Service Vulnerability

Microsoft QUIC Stack DoS via Unvalidated Input
CVE-2023-36435 7.5 - High - October 10, 2023

Microsoft QUIC Denial of Service Vulnerability

HTTP/2 DoS via Stream Reset in nginx
CVE-2023-44487 7.5 - High - October 10, 2023

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Resource Exhaustion

Sep 2023: Visual Studio Remote Code Execution Vulnerability
CVE-2023-36792 7.8 - High - September 12, 2023

Visual Studio Remote Code Execution Vulnerability

Integer Overflow or Wraparound

Sep 2023: .NET Framework Remote Code Execution Vulnerability
CVE-2023-36788 7.8 - High - September 12, 2023

.NET Framework Remote Code Execution Vulnerability

Sep 2023: Visual Studio Remote Code Execution Vulnerability
CVE-2023-36793 7.8 - High - September 12, 2023

Visual Studio Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Sep 2023: Visual Studio Remote Code Execution Vulnerability
CVE-2023-36796 7.8 - High - September 12, 2023

Visual Studio Remote Code Execution Vulnerability

Integer underflow

Sep 2023: Visual Studio Remote Code Execution Vulnerability
CVE-2023-36794 7.8 - High - September 12, 2023

Visual Studio Remote Code Execution Vulnerability

Integer underflow

Sep 2023: .NET Core and Visual Studio Denial of Service Vulnerability
CVE-2023-36799 6.5 - Medium - September 12, 2023

.NET Core and Visual Studio Denial of Service Vulnerability

Resource Exhaustion

Microsoft ASP.NET Core SignalR & VS Info Disclosure (CVE-2023-35391)
CVE-2023-35391 7.5 - High - August 08, 2023

ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability

Aug 2023: .NET and Visual Studio Denial of Service Vulnerability
CVE-2023-38180 7.5 - High - August 08, 2023

.NET and Visual Studio Denial of Service Vulnerability

Resource Exhaustion

DoS in .NET Core (CVE-2023-38178)
CVE-2023-38178 7.5 - High - August 08, 2023

.NET Core and Visual Studio Denial of Service Vulnerability

Microsoft .NET & VS Remote Code Exec (CVE-2023-35390)
CVE-2023-35390 7.8 - High - August 08, 2023

.NET and Visual Studio Remote Code Execution Vulnerability

.NET/VS Elevation of Privilege via Internal Buffer Overflow
CVE-2023-33127 8.1 - High - July 11, 2023

.NET and Visual Studio Elevation of Privilege Vulnerability

CVE-2023-33170: ASP.NET VS Security Feature Bypass
CVE-2023-33170 8.1 - High - July 11, 2023

ASP.NET and Visual Studio Security Feature Bypass Vulnerability

Race Condition

.NET Framework & VS Remote Code Execution Vulnerability
CVE-2023-24897 7.8 - High - June 14, 2023

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

Microsoft .NET Framework DoS via invalid input in Visual Studio
CVE-2023-29331 7.5 - High - June 14, 2023

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

Microsoft .NET/Visual Studio Elevation of Privilege
CVE-2023-24936 7.5 - High - June 14, 2023

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Net or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

Microsoft Net
Product

subscribe