Jul 2026: .NET Framework Remote Code Execution Vulnerability
CVE-2026-50646 Published on July 14, 2026

.NET Framework Remote Code Execution Vulnerability
Protection mechanism failure in .NET Framework allows an unauthorized attacker to execute code locally.

Vendor Advisory NVD

Weakness Types

Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. This weakness covers three distinct situations. A "missing" protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An "insufficient" protection mechanism might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended. Finally, an "ignored" mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path.

What is a Marshaling, Unmarshaling Vulnerability?

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

CVE-2026-50646 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.


Products Associated with CVE-2026-50646

Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.

 
 
 

Affected Versions

Microsoft .NET 8.0: Microsoft .NET 9.0: Microsoft .NET Framework 3.5: Microsoft .NET Framework 3.5 AND 4.7.2: Microsoft .NET Framework 3.5 AND 4.8: Microsoft .NET Framework 3.5 AND 4.8.1: Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2: Microsoft .NET Framework 4.8: Microsoft Visual Studio 2022 version 17.12: Microsoft Visual Studio 2022 version 17.14: Microsoft Visual Studio 2026 version 18.7: