Jul 2026: .NET Remote Code Execution Vulnerability
CVE-2026-50649 Published on July 14, 2026

.NET Remote Code Execution Vulnerability
Deserialization of untrusted data in .NET allows an unauthorized attacker to execute code locally.

Vendor Advisory NVD

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

CVE-2026-50649 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.


Products Associated with CVE-2026-50649

Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.

 
 
 

Affected Versions

Microsoft .NET 8.0: Microsoft .NET 9.0: Microsoft Visual Studio 2022 version 17.12: Microsoft Visual Studio 2022 version 17.14: Microsoft Visual Studio 2026 version 18.7: