Jul 2026: .NET Security Feature Bypass Vulnerability
CVE-2026-50528 Published on July 14, 2026

.NET Security Feature Bypass Vulnerability
Incorrect authorization in .NET allows an unauthorized attacker to bypass a security feature over a network.

Vendor Advisory NVD

Weakness Types

What is an AuthZ Vulnerability?

The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

CVE-2026-50528 has been classified to as an AuthZ vulnerability or weakness.

Authentication Bypass by Assumed-Immutable Data

The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.

What is a Failing Open Vulnerability?

When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions. By entering a less secure state, the product inherits the weaknesses associated with that state, making it easier to compromise. At the least, it causes administrators to have a false sense of security. This weakness typically occurs as a result of wanting to "fail functional" to minimize administration and support costs, instead of "failing safe."

CVE-2026-50528 has been classified to as a Failing Open vulnerability or weakness.


Products Associated with CVE-2026-50528

Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.

 
 
 

Affected Versions

Microsoft .NET 10.0: Microsoft .NET 8.0: Microsoft .NET 9.0: Microsoft Visual Studio 2022 version 17.12: Microsoft Visual Studio 2022 version 17.14: Microsoft Visual Studio 2026 version 18.7: