Microsoft Net
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Net.
Recent Microsoft Net Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2026-35423 | CVE-2026-35423 Windows 11 Telnet Client Information Disclosure Vulnerability | May 12, 2026 |
| CVE-2026-35433 | CVE-2026-35433 .NET Elevation of Privilege Vulnerability | May 12, 2026 |
| CVE-2026-32175 | CVE-2026-32175 .NET Core Tampering Vulnerability | May 12, 2026 |
| CVE-2026-42899 | CVE-2026-42899 ASP.NET Core Denial of Service Vulnerability | May 12, 2026 |
| CVE-2026-35424 | CVE-2026-35424 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | May 12, 2026 |
| CVE-2026-41089 | CVE-2026-41089 Windows Netlogon Remote Code Execution Vulnerability | May 12, 2026 |
| CVE-2026-32177 | CVE-2026-32177 .NET Elevation of Privilege Vulnerability | May 12, 2026 |
| CVE-2026-43421 | CVE-2026-43421 usb: gadget: f_ncm: Fix net_device lifecycle with device_move | May 11, 2026 |
| CVE-2026-31725 | CVE-2026-31725 usb: gadget: f_ecm: Fix net_device lifecycle with device_move | May 11, 2026 |
| CVE-2026-43036 | CVE-2026-43036 net: use skb_header_pointer() for TCPv4 GSO frag_off check | May 11, 2026 |
By the Year
In 2026 there have been 13 vulnerabilities in Microsoft Net with an average score of 7.1 out of ten. Last year, in 2025 Net had 8 security vulnerabilities published. That is, 5 more vulnerabilities have already been reported in 2026 as compared to last year. Last year, the average CVE base score was greater by 0.21
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 13 | 7.12 |
| 2025 | 8 | 7.34 |
| 2024 | 16 | 7.55 |
| 2023 | 31 | 7.54 |
| 2022 | 10 | 7.05 |
| 2021 | 8 | 6.76 |
| 2020 | 4 | 5.00 |
It may take a day or so for new Net vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Net Security Vulnerabilities
May 2026: ASP.NET Core Denial of Service Vulnerability
CVE-2026-42899
7.5 - High
- May 12, 2026
Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.
Infinite Loop
May 2026: .NET Core Tampering Vulnerability
CVE-2026-32175
4.3 - Medium
- May 12, 2026
A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system. The security update fixes the vulnerability by ensuring .NET Core properly handles files.
Absolute Path Traversal
May 2026: .NET Elevation of Privilege Vulnerability
CVE-2026-35433
7.3 - High
- May 12, 2026
Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.
Improper Input Validation
May 2026: .NET Elevation of Privilege Vulnerability
CVE-2026-32177
7.3 - High
- May 12, 2026
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
Heap-based Buffer Overflow
Apr 2026: .NET and Visual Studio Denial of Service Vulnerability
CVE-2026-32203
7.5 - High
- April 14, 2026
Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.
Stack Overflow
Apr 2026: .NET Denial of Service Vulnerability
CVE-2026-26171
7.5 - High
- April 14, 2026
Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.
Resource Exhaustion
Apr 2026: .NET Framework Denial of Service Vulnerability
CVE-2026-23666
7.5 - High
- April 14, 2026
Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network.
Improper Handling of Exceptional Conditions
Apr 2026: .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
CVE-2026-33116
7.5 - High
- April 14, 2026
Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.
Infinite Loop
Apr 2026: .NET Framework Denial of Service Vulnerability
CVE-2026-32226
5.9 - Medium
- April 14, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.
Race Condition
Apr 2026: .NET Spoofing Vulnerability
CVE-2026-32178
7.5 - High
- April 14, 2026
Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.
Improper Neutralization of Special Elements
Mar 2026: .NET Denial of Service Vulnerability
CVE-2026-26127
7.5 - High
- March 10, 2026
Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.
Out-of-bounds Read
Mar 2026: .NET Elevation of Privilege Vulnerability
CVE-2026-26131
7.8 - High
- March 10, 2026
Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally.
Incorrect Default Permissions
Feb 2026: .NET Spoofing Vulnerability
CVE-2026-21218
7.5 - High
- February 10, 2026
Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.
Improper Handling of Missing Special Element
Oct 2025: .NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability
CVE-2025-55248
4.8 - Medium
- October 14, 2025
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
Inadequate Encryption Strength
Oct 2025: .NET Elevation of Privilege Vulnerability
CVE-2025-55247
7.3 - High
- October 14, 2025
Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally.
insecure temporary file
Jun 2025: .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2025-30399
7.5 - High
- June 13, 2025
Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
Untrusted Path
May 2025: .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability
CVE-2025-26646
8 - High
- May 13, 2025
External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.
External Control of File Name or Path
Jan 2025: .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21172
7.5 - High
- January 14, 2025
.NET and Visual Studio Remote Code Execution Vulnerability
Integer Overflow or Wraparound
Jan 2025: .NET Remote Code Execution Vulnerability
CVE-2025-21171
7.5 - High
- January 14, 2025
.NET Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Jan 2025: .NET Elevation of Privilege Vulnerability
CVE-2025-21173
7.3 - High
- January 14, 2025
.NET Elevation of Privilege Vulnerability
Creation of Temporary File in Directory with Insecure Permissions
Jan 2025: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21176
8.8 - High
- January 14, 2025
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
Buffer Over-read
Microsoft .NET & Visual Studio Info Disclosure CVE-2024-38167
CVE-2024-38167
6.5 - Medium
- August 13, 2024
.NET and Visual Studio Information Disclosure Vulnerability
Cleartext Transmission of Sensitive Information
Denial of Service in Microsoft .NET Framework & Visual Studio
CVE-2024-38168
7.5 - High
- August 13, 2024
.NET and Visual Studio Denial of Service Vulnerability
Jul 2024: .NET and Visual Studio Denial of Service Vulnerability
CVE-2024-38095
7.5 - High
- July 09, 2024
.NET and Visual Studio Denial of Service Vulnerability
Improper Input Validation
Jul 2024: .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-35264
8.1 - High
- July 09, 2024
.NET and Visual Studio Remote Code Execution Vulnerability
Dangling pointer
Jul 2024: .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
CVE-2024-38081
7.3 - High
- July 09, 2024
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
insecure temporary file
Jul 2024: .NET and Visual Studio Denial of Service Vulnerability
CVE-2024-30105
7.5 - High
- July 09, 2024
.NET and Visual Studio Denial of Service Vulnerability
Resource Exhaustion
Microsoft .NET & VS Remote Code Execution via RCE Vulnerability
CVE-2024-30045
6.3 - Medium
- May 14, 2024
.NET and Visual Studio Remote Code Execution Vulnerability
Visual Studio DoS via malformed input
CVE-2024-30046
- May 14, 2024
Visual Studio Denial of Service Vulnerability
Race Condition
Microsoft .NET Framework & Visual Studio RCE via CVE-2024-21409
CVE-2024-21409
7.3 - High
- April 09, 2024
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
Mar 2024: .NET Framework Information Disclosure Vulnerability
CVE-2024-29059
7.5 - High
- March 23, 2024
.NET Framework Information Disclosure Vulnerability
Generation of Error Message Containing Sensitive Information
Microsoft QUIC DoS via malformed QUIC packets
CVE-2024-26190
7.5 - High
- March 12, 2024
Microsoft QUIC Denial of Service Vulnerability
.NET / Visual Studio DoS Vulnerability (CVE-2024-21392)
CVE-2024-21392
7.5 - High
- March 12, 2024
.NET and Visual Studio Denial of Service Vulnerability
Microsoft Identity Platform DoS Vulnerability (CVE-2024-21319)
CVE-2024-21319
6.8 - Medium
- January 09, 2024
Microsoft Identity Denial of service vulnerability
Microsoft.Data.SqlClient SQL Feature Bypass Vulnerability
CVE-2024-0056
8.7 - High
- January 09, 2024
Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
Microsoft .NET Framework Security Bypass CVE-2024-0057
CVE-2024-0057
9.8 - Critical
- January 09, 2024
NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
.NET DoS Vulnerability (CVE-2024-20672)
CVE-2024-20672
7.5 - High
- January 09, 2024
.NET Denial of Service Vulnerability
Nov 2023: ASP.NET Core Denial of Service Vulnerability
CVE-2023-36038
8.2 - High
- November 14, 2023
ASP.NET Core Denial of Service Vulnerability
Resource Exhaustion
Nov 2023: ASP.NET Core Security Feature Bypass Vulnerability
CVE-2023-36558
6.2 - Medium
- November 14, 2023
ASP.NET Core Security Feature Bypass Vulnerability
Nov 2023: .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
CVE-2023-36049
7.6 - High
- November 14, 2023
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
Improper Input Validation
Nov 2023: ASP.NET Security Feature Bypass Vulnerability
CVE-2023-36560
8.8 - High
- November 14, 2023
ASP.NET Security Feature Bypass Vulnerability
Nov 2023: Visual Studio Denial of Service Vulnerability
CVE-2023-36042
6.2 - Medium
- November 14, 2023
Visual Studio Denial of Service Vulnerability
Heap-based Buffer Overflow
Microsoft QUIC Stack DoS via Unvalidated Input
CVE-2023-36435
7.5 - High
- October 10, 2023
Microsoft QUIC Denial of Service Vulnerability
Microsoft QUIC component DoS via malformed packet
CVE-2023-38171
7.5 - High
- October 10, 2023
Microsoft QUIC Denial of Service Vulnerability
HTTP/2 DoS via Stream Reset in nginx
CVE-2023-44487
7.5 - High
- October 10, 2023
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Resource Exhaustion
Sep 2023: Visual Studio Remote Code Execution Vulnerability
CVE-2023-36792
7.8 - High
- September 12, 2023
Visual Studio Remote Code Execution Vulnerability
Integer Overflow or Wraparound
Sep 2023: .NET Framework Remote Code Execution Vulnerability
CVE-2023-36788
7.8 - High
- September 12, 2023
.NET Framework Remote Code Execution Vulnerability
Sep 2023: .NET Core and Visual Studio Denial of Service Vulnerability
CVE-2023-36799
6.5 - Medium
- September 12, 2023
.NET Core and Visual Studio Denial of Service Vulnerability
Resource Exhaustion
Sep 2023: Visual Studio Remote Code Execution Vulnerability
CVE-2023-36794
7.8 - High
- September 12, 2023
Visual Studio Remote Code Execution Vulnerability
Integer underflow
Sep 2023: Visual Studio Remote Code Execution Vulnerability
CVE-2023-36793
7.8 - High
- September 12, 2023
Visual Studio Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Net or by Microsoft? Click the Watch button to subscribe.
