Jul 2026: .NET Remote Code Execution Vulnerability
CVE-2026-50649 Published on July 14, 2026
.NET Remote Code Execution Vulnerability
Deserialization of untrusted data in .NET allows an unauthorized attacker to execute code locally.
Weakness Type
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2026-50649 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.
Products Associated with CVE-2026-50649
Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.
Affected Versions
Microsoft .NET 8.0:- Version 8.0.0 and below 8.0.29 is affected.
- Version 9.0.0 and below 9.0.18 is affected.
- Version 17.12.0 and below 17.12.22 is affected.
- Version 17.14.0 and below 17.14.36 is affected.
- Version 18.0 and below 18.7.4 is affected.