Jul 2026: .NET Security Feature Bypass Vulnerability
CVE-2026-50528 Published on July 14, 2026
.NET Security Feature Bypass Vulnerability
Incorrect authorization in .NET allows an unauthorized attacker to bypass a security feature over a network.
Weakness Types
What is an AuthZ Vulnerability?
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
CVE-2026-50528 has been classified to as an AuthZ vulnerability or weakness.
Authentication Bypass by Assumed-Immutable Data
The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.
What is a Failing Open Vulnerability?
When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions. By entering a less secure state, the product inherits the weaknesses associated with that state, making it easier to compromise. At the least, it causes administrators to have a false sense of security. This weakness typically occurs as a result of wanting to "fail functional" to minimize administration and support costs, instead of "failing safe."
CVE-2026-50528 has been classified to as a Failing Open vulnerability or weakness.
Products Associated with CVE-2026-50528
Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.
Affected Versions
Microsoft .NET 10.0:- Version 10.0.0 and below 10.0.6 is affected.
- Version 8.0.0 and below 8.0.29 is affected.
- Version 9.0.0 and below 9.0.18 is affected.
- Version 17.12.0 and below 17.12.22 is affected.
- Version 17.14.0 and below 17.14.36 is affected.
- Version 18.0 and below 18.7.4 is affected.