Microsoft Net
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Net.
Recent Microsoft Net Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2026-31658 | CVE-2026-31658 net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit() | April 26, 2026 |
| CVE-2026-31674 | CVE-2026-31674 netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check() | April 26, 2026 |
| CVE-2026-31684 | CVE-2026-31684 net: sched: act_csum: validate nested VLAN headers | April 26, 2026 |
| CVE-2026-31681 | CVE-2026-31681 netfilter: xt_multiport: validate range encoding in checkentry | April 26, 2026 |
| CVE-2026-31678 | CVE-2026-31678 openvswitch: defer tunnel netdev_put to RCU release | April 26, 2026 |
| CVE-2026-31680 | CVE-2026-31680 net: ipv6: flowlabel: defer exclusive option free until RCU teardown | April 26, 2026 |
| CVE-2026-31649 | CVE-2026-31649 net: stmmac: fix integer underflow in chain mode | April 26, 2026 |
| CVE-2026-31675 | CVE-2026-31675 net/sched: sch_netem: fix out-of-bounds access in packet corruption | April 26, 2026 |
| CVE-2026-31669 | CVE-2026-31669 mptcp: fix slab-use-after-free in __inet_lookup_established | April 26, 2026 |
| CVE-2026-31685 | CVE-2026-31685 netfilter: ip6t_eui64: reject invalid MAC header for all packets | April 26, 2026 |
By the Year
In 2026 there have been 9 vulnerabilities in Microsoft Net with an average score of 7.4 out of ten. Last year, in 2025 Net had 8 security vulnerabilities published. That is, 1 more vulnerability have already been reported in 2026 as compared to last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.02.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 9 | 7.36 |
| 2025 | 8 | 7.34 |
| 2024 | 16 | 7.55 |
| 2023 | 31 | 7.54 |
| 2022 | 10 | 7.05 |
| 2021 | 8 | 6.76 |
| 2020 | 4 | 5.00 |
It may take a day or so for new Net vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Net Security Vulnerabilities
Apr 2026: .NET Denial of Service Vulnerability
CVE-2026-26171
7.5 - High
- April 14, 2026
Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.
Resource Exhaustion
Apr 2026: .NET and Visual Studio Denial of Service Vulnerability
CVE-2026-32203
7.5 - High
- April 14, 2026
Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.
Stack Overflow
Apr 2026: .NET Framework Denial of Service Vulnerability
CVE-2026-23666
7.5 - High
- April 14, 2026
Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network.
Improper Handling of Exceptional Conditions
Apr 2026: .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
CVE-2026-33116
7.5 - High
- April 14, 2026
Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.
Infinite Loop
Apr 2026: .NET Framework Denial of Service Vulnerability
CVE-2026-32226
5.9 - Medium
- April 14, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.
Race Condition
Apr 2026: .NET Spoofing Vulnerability
CVE-2026-32178
7.5 - High
- April 14, 2026
Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.
Improper Neutralization of Special Elements
Mar 2026: .NET Denial of Service Vulnerability
CVE-2026-26127
7.5 - High
- March 10, 2026
Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.
Out-of-bounds Read
Mar 2026: .NET Elevation of Privilege Vulnerability
CVE-2026-26131
7.8 - High
- March 10, 2026
Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally.
Incorrect Default Permissions
Feb 2026: .NET Spoofing Vulnerability
CVE-2026-21218
7.5 - High
- February 10, 2026
Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.
Improper Handling of Missing Special Element
Oct 2025: .NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability
CVE-2025-55248
4.8 - Medium
- October 14, 2025
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
Inadequate Encryption Strength
Oct 2025: .NET Elevation of Privilege Vulnerability
CVE-2025-55247
7.3 - High
- October 14, 2025
Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally.
insecure temporary file
Jun 2025: .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2025-30399
7.5 - High
- June 13, 2025
Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
Untrusted Path
May 2025: .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability
CVE-2025-26646
8 - High
- May 13, 2025
External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.
External Control of File Name or Path
Jan 2025: .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21172
7.5 - High
- January 14, 2025
.NET and Visual Studio Remote Code Execution Vulnerability
Integer Overflow or Wraparound
Jan 2025: .NET Remote Code Execution Vulnerability
CVE-2025-21171
7.5 - High
- January 14, 2025
.NET Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Jan 2025: .NET Elevation of Privilege Vulnerability
CVE-2025-21173
7.3 - High
- January 14, 2025
.NET Elevation of Privilege Vulnerability
Creation of Temporary File in Directory with Insecure Permissions
Jan 2025: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21176
8.8 - High
- January 14, 2025
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
Buffer Over-read
Microsoft .NET & Visual Studio Info Disclosure CVE-2024-38167
CVE-2024-38167
6.5 - Medium
- August 13, 2024
.NET and Visual Studio Information Disclosure Vulnerability
Cleartext Transmission of Sensitive Information
Denial of Service in Microsoft .NET Framework & Visual Studio
CVE-2024-38168
7.5 - High
- August 13, 2024
.NET and Visual Studio Denial of Service Vulnerability
Jul 2024: .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
CVE-2024-38081
7.3 - High
- July 09, 2024
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
insecure temporary file
Jul 2024: .NET and Visual Studio Denial of Service Vulnerability
CVE-2024-30105
7.5 - High
- July 09, 2024
.NET and Visual Studio Denial of Service Vulnerability
Resource Exhaustion
Jul 2024: .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-35264
8.1 - High
- July 09, 2024
.NET and Visual Studio Remote Code Execution Vulnerability
Dangling pointer
Jul 2024: .NET and Visual Studio Denial of Service Vulnerability
CVE-2024-38095
7.5 - High
- July 09, 2024
.NET and Visual Studio Denial of Service Vulnerability
Improper Input Validation
Microsoft .NET & VS Remote Code Execution via RCE Vulnerability
CVE-2024-30045
6.3 - Medium
- May 14, 2024
.NET and Visual Studio Remote Code Execution Vulnerability
Visual Studio DoS via malformed input
CVE-2024-30046
- May 14, 2024
Visual Studio Denial of Service Vulnerability
Race Condition
Microsoft .NET Framework & Visual Studio RCE via CVE-2024-21409
CVE-2024-21409
7.3 - High
- April 09, 2024
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
Mar 2024: .NET Framework Information Disclosure Vulnerability
CVE-2024-29059
7.5 - High
- March 23, 2024
.NET Framework Information Disclosure Vulnerability
Generation of Error Message Containing Sensitive Information
.NET / Visual Studio DoS Vulnerability (CVE-2024-21392)
CVE-2024-21392
7.5 - High
- March 12, 2024
.NET and Visual Studio Denial of Service Vulnerability
Microsoft QUIC DoS via malformed QUIC packets
CVE-2024-26190
7.5 - High
- March 12, 2024
Microsoft QUIC Denial of Service Vulnerability
Microsoft Identity Platform DoS Vulnerability (CVE-2024-21319)
CVE-2024-21319
6.8 - Medium
- January 09, 2024
Microsoft Identity Denial of service vulnerability
Microsoft.Data.SqlClient SQL Feature Bypass Vulnerability
CVE-2024-0056
8.7 - High
- January 09, 2024
Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
Microsoft .NET Framework Security Bypass CVE-2024-0057
CVE-2024-0057
9.8 - Critical
- January 09, 2024
NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
.NET DoS Vulnerability (CVE-2024-20672)
CVE-2024-20672
7.5 - High
- January 09, 2024
.NET Denial of Service Vulnerability
Nov 2023: ASP.NET Core Security Feature Bypass Vulnerability
CVE-2023-36558
6.2 - Medium
- November 14, 2023
ASP.NET Core Security Feature Bypass Vulnerability
Nov 2023: ASP.NET Core Denial of Service Vulnerability
CVE-2023-36038
8.2 - High
- November 14, 2023
ASP.NET Core Denial of Service Vulnerability
Resource Exhaustion
Nov 2023: .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
CVE-2023-36049
7.6 - High
- November 14, 2023
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
Improper Input Validation
Nov 2023: ASP.NET Security Feature Bypass Vulnerability
CVE-2023-36560
8.8 - High
- November 14, 2023
ASP.NET Security Feature Bypass Vulnerability
Nov 2023: Visual Studio Denial of Service Vulnerability
CVE-2023-36042
6.2 - Medium
- November 14, 2023
Visual Studio Denial of Service Vulnerability
Heap-based Buffer Overflow
Microsoft QUIC Stack DoS via Unvalidated Input
CVE-2023-36435
7.5 - High
- October 10, 2023
Microsoft QUIC Denial of Service Vulnerability
Microsoft QUIC component DoS via malformed packet
CVE-2023-38171
7.5 - High
- October 10, 2023
Microsoft QUIC Denial of Service Vulnerability
HTTP/2 DoS via Stream Reset in nginx
CVE-2023-44487
7.5 - High
- October 10, 2023
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Resource Exhaustion
Sep 2023: Visual Studio Remote Code Execution Vulnerability
CVE-2023-36794
7.8 - High
- September 12, 2023
Visual Studio Remote Code Execution Vulnerability
Integer underflow
Sep 2023: .NET Core and Visual Studio Denial of Service Vulnerability
CVE-2023-36799
6.5 - Medium
- September 12, 2023
.NET Core and Visual Studio Denial of Service Vulnerability
Resource Exhaustion
Sep 2023: .NET Framework Remote Code Execution Vulnerability
CVE-2023-36788
7.8 - High
- September 12, 2023
.NET Framework Remote Code Execution Vulnerability
Sep 2023: Visual Studio Remote Code Execution Vulnerability
CVE-2023-36792
7.8 - High
- September 12, 2023
Visual Studio Remote Code Execution Vulnerability
Integer Overflow or Wraparound
Sep 2023: Visual Studio Remote Code Execution Vulnerability
CVE-2023-36793
7.8 - High
- September 12, 2023
Visual Studio Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Sep 2023: Visual Studio Remote Code Execution Vulnerability
CVE-2023-36796
7.8 - High
- September 12, 2023
Visual Studio Remote Code Execution Vulnerability
Integer underflow
Microsoft ASP.NET Core SignalR & VS Info Disclosure (CVE-2023-35391)
CVE-2023-35391
7.5 - High
- August 08, 2023
ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability
Aug 2023: .NET and Visual Studio Denial of Service Vulnerability
CVE-2023-38180
7.5 - High
- August 08, 2023
.NET and Visual Studio Denial of Service Vulnerability
Resource Exhaustion
DoS in .NET Core (CVE-2023-38178)
CVE-2023-38178
7.5 - High
- August 08, 2023
.NET Core and Visual Studio Denial of Service Vulnerability
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Net or by Microsoft? Click the Watch button to subscribe.
