Apr 2026: .NET Spoofing Vulnerability
CVE-2026-32178 Published on April 14, 2026

.NET Spoofing Vulnerability
Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2026-32178 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
NONE
Availability Impact:
NONE

Weakness Type

Improper Neutralization of Special Elements

The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as control elements or syntactic markers when they are sent to a downstream component. Most languages and protocols have their own special elements such as characters and reserved words. These special elements can carry control implications. If software does not prevent external control or influence over the inclusion of such special elements, the control flow of the program may be altered from what was intended. For example, both Unix and Windows interpret the symbol < ("less than") as meaning "read input from a file".


Products Associated with CVE-2026-32178

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2026-32178 are published in these products:

 
 
 
 
 
 
 

Affected Versions

Microsoft .NET 10.0: Microsoft .NET 8.0: Microsoft .NET 8.0: Microsoft .NET 9.0: Microsoft Visual Studio 2022 version 17.12: Microsoft Visual Studio 2022 version 17.14: Red Hat Enterprise Linux AppStream EUS (v. 10.0): Red Hat Enterprise Linux AppStream (v. 10): Red Hat Enterprise Linux AppStream (v. 8): Red Hat Enterprise Linux AppStream EUS (v.9.4): Red Hat Enterprise Linux AppStream EUS (v.9.6): Red Hat Enterprise Linux AppStream (v. 9): Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0): Red Hat Enterprise Linux CodeReady Linux Builder (v. 10): Red Hat Enterprise Linux CRB (v. 8): Red Hat CodeReady Linux Builder EUS (v.9.4): Red Hat CodeReady Linux Builder EUS (v.9.6): Red Hat Enterprise Linux CodeReady Linux Builder (v. 9): Red Hat Hardened Images:

Exploit Probability

EPSS
1.11%
Percentile
61.64%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.