Net Microsoft Net

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Net.

Recent Microsoft Net Security Advisories

Advisory Title Published
CVE-2026-50524 CVE-2026-50524 .NET Framework Denial of Service Vulnerability July 14, 2026
CVE-2026-56170 CVE-2026-56170 ASP.NET Core Denial of Service Vulnerability July 14, 2026
CVE-2026-47304 CVE-2026-47304 .NET Security Feature Bypass Vulnerability July 14, 2026
CVE-2026-50346 CVE-2026-50346 Netlogon RPC Elevation of Privilege Vulnerability July 14, 2026
CVE-2026-50696 CVE-2026-50696 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability July 14, 2026
CVE-2026-45646 CVE-2026-45646 OData for ASP.NET and ASP.NET Core Denial of Service Vulnerability July 14, 2026
CVE-2026-47303 CVE-2026-47303 ASP.NET Core Elevation of Privilege Vulnerability July 14, 2026
CVE-2026-47302 CVE-2026-47302 .NET Denial of Service Vulnerability July 14, 2026
CVE-2026-50506 CVE-2026-50506 OData for ASP.NET and ASP.NET Core Denial of Service Vulnerability July 14, 2026
CVE-2026-56181 CVE-2026-56181 Windows Network Address Translation (NAT) Spoofing Vulnerability July 14, 2026

By the Year

In 2026 there have been 33 vulnerabilities in Microsoft Net with an average score of 7.4 out of ten. Last year, in 2025 Net had 8 security vulnerabilities published. That is, 25 more vulnerabilities have already been reported in 2026 as compared to last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.08.




Year Vulnerabilities Average Score
2026 33 7.42
2025 8 7.34
2024 20 7.57
2023 31 7.54
2022 11 7.12
2021 8 6.76
2020 4 5.00

It may take a day or so for new Net vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Net Security Vulnerabilities

Jul 2026: .NET Spoofing Vulnerability
CVE-2026-50659 6.5 - Medium - July 14, 2026

Improper encoding or escaping of output in .NET allows an authorized attacker to perform spoofing over a network.

Output Sanitization

Jul 2026: .NET Denial of Service Vulnerability
CVE-2026-50651 7.5 - High - July 14, 2026

Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.

Allocation of Resources Without Limits or Throttling

Jul 2026: .NET Framework Elevation of Privilege Vulnerability
CVE-2026-50650 7.8 - High - July 14, 2026

Improper control of generation of code ('code injection') in .NET Framework allows an unauthorized attacker to elevate privileges locally.

Code Injection

Jul 2026: .NET Remote Code Execution Vulnerability
CVE-2026-50649 7.8 - High - July 14, 2026

Deserialization of untrusted data in .NET allows an unauthorized attacker to execute code locally.

Marshaling, Unmarshaling

Jul 2026: .NET Framework Denial of Service Vulnerability
CVE-2026-50648 7.5 - High - July 14, 2026

Allocation of resources without limits or throttling in .NET Framework allows an unauthorized attacker to deny service over a network.

Allocation of Resources Without Limits or Throttling

Jul 2026: .NET Framework Remote Code Execution Vulnerability
CVE-2026-50646 7.8 - High - July 14, 2026

Protection mechanism failure in .NET Framework allows an unauthorized attacker to execute code locally.

Protection Mechanism Failure

Jul 2026: .NET Framework Denial of Service Vulnerability
CVE-2026-50527 7.5 - High - July 14, 2026

Stack-based buffer overflow in .NET Framework allows an unauthorized attacker to deny service over a network.

Stack Overflow

Jul 2026: .NET Security Feature Bypass Vulnerability
CVE-2026-50528 8.2 - High - July 14, 2026

Incorrect authorization in .NET allows an unauthorized attacker to bypass a security feature over a network.

AuthZ

Jul 2026: .NET Tampering Vulnerability
CVE-2026-50526 7 - High - July 14, 2026

Improper link resolution before file access ('link following') in .NET allows an authorized attacker to perform tampering locally.

insecure temporary file

Jul 2026: .NET Denial of Service Vulnerability
CVE-2026-50525 7.5 - High - July 14, 2026

Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.

Allocation of Resources Without Limits or Throttling

Jul 2026: .NET Framework Denial of Service Vulnerability
CVE-2026-50524 7.5 - High - July 14, 2026

Improper validation of specified type of input in .NET Framework allows an unauthorized attacker to deny service over a network.

Improper Validation of Specified Type of Input

Jul 2026: .NET Security Feature Bypass Vulnerability
CVE-2026-47304 8.1 - High - July 14, 2026

Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network.

Improper Verification of Cryptographic Signature

Jul 2026: ASP.NET Core Elevation of Privilege Vulnerability
CVE-2026-47303 8.8 - High - July 14, 2026

Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network.

Authentication Bypass by Assumed-Immutable Data

Jul 2026: .NET Denial of Service Vulnerability
CVE-2026-47302 7.5 - High - July 14, 2026

Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.

Allocation of Resources Without Limits or Throttling

Jul 2026: ASP.NET Core Elevation of Privilege Vulnerability
CVE-2026-47300 8.8 - High - July 14, 2026

Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network.

Incorrect Implementation of Authentication Algorithm

Jul 2026: .NET Denial of Service Vulnerability
CVE-2026-57108 7.5 - High - July 14, 2026

Access of resource using incompatible type ('type confusion') in .NET Core allows an unauthorized attacker to deny service over a network.

Object Type Confusion

Jul 2026: ASP.NET Core Denial of Service Vulnerability
CVE-2026-56170 7.5 - High - July 14, 2026

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.

Allocation of Resources Without Limits or Throttling

Jun 2026: ASP.NET Core Denial of Service Vulnerability
CVE-2026-45591 7.5 - High - June 09, 2026

Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network.

Resource Exhaustion

Jun 2026: .NET SDK Elevation of Privilege Vulnerability
CVE-2026-45490 7.8 - High - June 09, 2026

Improper authorization in .NET allows an authorized attacker to elevate privileges locally.

AuthZ

Jun 2026: .NET Tampering Vulnerability
CVE-2026-45491 6.2 - Medium - June 09, 2026

Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally.

insecure temporary file

May 2026: ASP.NET Core Denial of Service Vulnerability
CVE-2026-42899 7.5 - High - May 12, 2026

Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.

Infinite Loop

May 2026: .NET Core Tampering Vulnerability
CVE-2026-32175 4.3 - Medium - May 12, 2026

A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system. The security update fixes the vulnerability by ensuring .NET Core properly handles files.

Absolute Path Traversal

May 2026: .NET Elevation of Privilege Vulnerability
CVE-2026-35433 7.3 - High - May 12, 2026

Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.

Improper Input Validation

May 2026: .NET Elevation of Privilege Vulnerability
CVE-2026-32177 7.3 - High - May 12, 2026

Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.

Heap-based Buffer Overflow

Apr 2026: .NET and Visual Studio Denial of Service Vulnerability
CVE-2026-32203 7.5 - High - April 14, 2026

Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.

Stack Overflow

Apr 2026: .NET Denial of Service Vulnerability
CVE-2026-26171 7.5 - High - April 14, 2026

Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.

Resource Exhaustion

Apr 2026: .NET Framework Denial of Service Vulnerability
CVE-2026-23666 7.5 - High - April 14, 2026

Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network.

Improper Handling of Exceptional Conditions

Apr 2026: .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
CVE-2026-33116 7.5 - High - April 14, 2026

Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.

Infinite Loop

Apr 2026: .NET Framework Denial of Service Vulnerability
CVE-2026-32226 5.9 - Medium - April 14, 2026

Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.

Race Condition

Apr 2026: .NET Spoofing Vulnerability
CVE-2026-32178 7.5 - High - April 14, 2026

Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.

Improper Neutralization of Special Elements

Mar 2026: .NET Denial of Service Vulnerability
CVE-2026-26127 7.5 - High - March 10, 2026

Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.

Out-of-bounds Read

Mar 2026: .NET Elevation of Privilege Vulnerability
CVE-2026-26131 7.8 - High - March 10, 2026

Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally.

Incorrect Default Permissions

Feb 2026: .NET Spoofing Vulnerability
CVE-2026-21218 7.5 - High - February 10, 2026

Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.

Improper Handling of Missing Special Element

Oct 2025: .NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability
CVE-2025-55248 4.8 - Medium - October 14, 2025

Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.

Inadequate Encryption Strength

Oct 2025: .NET Elevation of Privilege Vulnerability
CVE-2025-55247 7.3 - High - October 14, 2025

Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally.

insecure temporary file

Jun 2025: .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2025-30399 7.5 - High - June 13, 2025

Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.

Untrusted Path

May 2025: .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability
CVE-2025-26646 8 - High - May 13, 2025

External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.

External Control of File Name or Path

Jan 2025: .NET Remote Code Execution Vulnerability
CVE-2025-21171 7.5 - High - January 14, 2025

.NET Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jan 2025: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21176 8.8 - High - January 14, 2025

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

Buffer Over-read

Jan 2025: .NET Elevation of Privilege Vulnerability
CVE-2025-21173 7.3 - High - January 14, 2025

.NET Elevation of Privilege Vulnerability

Creation of Temporary File in Directory with Insecure Permissions

Jan 2025: .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21172 7.5 - High - January 14, 2025

.NET and Visual Studio Remote Code Execution Vulnerability

Integer Overflow or Wraparound

Oct 2024: .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
CVE-2024-43483 7.5 - High - October 08, 2024

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

Inefficient Algorithmic Complexity

Oct 2024: .NET and Visual Studio Denial of Service Vulnerability
CVE-2024-43485 7.5 - High - October 08, 2024

.NET and Visual Studio Denial of Service Vulnerability

Inefficient Algorithmic Complexity

Oct 2024: .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
CVE-2024-43484 7.5 - High - October 08, 2024

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

Inefficient Algorithmic Complexity

Oct 2024: .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-38229 8.1 - High - October 08, 2024

.NET and Visual Studio Remote Code Execution Vulnerability

Dangling pointer

Microsoft .NET & Visual Studio Info Disclosure CVE-2024-38167
CVE-2024-38167 6.5 - Medium - August 13, 2024

.NET and Visual Studio Information Disclosure Vulnerability

Cleartext Transmission of Sensitive Information

Denial of Service in Microsoft .NET Framework & Visual Studio
CVE-2024-38168 7.5 - High - August 13, 2024

.NET and Visual Studio Denial of Service Vulnerability

Jul 2024: .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-35264 8.1 - High - July 09, 2024

.NET and Visual Studio Remote Code Execution Vulnerability

Dangling pointer

Jul 2024: .NET and Visual Studio Denial of Service Vulnerability
CVE-2024-38095 7.5 - High - July 09, 2024

.NET and Visual Studio Denial of Service Vulnerability

Improper Input Validation

Jul 2024: .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
CVE-2024-38081 7.3 - High - July 09, 2024

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

insecure temporary file

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Net or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

Microsoft Net
Product

subscribe