Jul 2026: .NET Framework Remote Code Execution Vulnerability
CVE-2026-50646 Published on July 14, 2026
.NET Framework Remote Code Execution Vulnerability
Protection mechanism failure in .NET Framework allows an unauthorized attacker to execute code locally.
Weakness Types
Protection Mechanism Failure
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. This weakness covers three distinct situations. A "missing" protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An "insufficient" protection mechanism might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended. Finally, an "ignored" mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path.
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2026-50646 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.
Products Associated with CVE-2026-50646
Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.
Affected Versions
Microsoft .NET 8.0:- Version 8.0.0 and below 8.0.29 is affected.
- Version 9.0.0 and below 9.0.18 is affected.
- Version 3.5.0 and below 2.0.50727.8983 & 3.0.30729.8978 is affected.
- Version 4.7.0 and below 2.0.50727.8983 & 3.0.30729.8978 & 4.7.4143.0 is affected.
- Version 4.8.0 and below 2.0.50727.9069 & 3.0.30729.9067 & 4.8.4803.0 is affected.
- Version 4.8.1 and below 2.0.50727.9182 & 3.0.30729.9168 & 4.8.9339.0 is affected.
- Version 4.7.0 and below 4.7.4143.0 is affected.
- Version 4.8.0 and below 4.8.4803.0 is affected.
- Version 17.12.0 and below 17.12.22 is affected.
- Version 17.14.0 and below 17.14.36 is affected.
- Version 18.0 and below 18.7.4 is affected.