CVE-2026-32177

EUVD-2026-29572
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
Affected Products (NVD)
VendorProductVersion
microsoftvisual_studio_2022
17.12.0 ≤
𝑥
< 17.12.20
microsoftvisual_studio_2022
17.14.0 ≤
𝑥
< 17.14.32
microsoftvisual_studio_2026
18.5.0 ≤
𝑥
< 18.5.3
microsoft.net_framework
4.8
microsoft.net_framework
4.6.2
microsoft.net_framework
4.7
microsoft.net_framework
4.7.1
microsoft.net_framework
4.7.2
microsoft.net_framework
3.5
microsoft.net_framework
4.8.1
microsoft.net_framework
3.5
microsoft.net_framework
4.8
microsoft.net_framework
3.5
microsoft.net
8.0.0 ≤
𝑥
< 8.0.27
microsoft.net
9.0.0 ≤
𝑥
< 9.0.16
microsoft.net
10.0.0 ≤
𝑥
< 10.0.8
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
1607 (x64)
KB5087065
1809 (arm64, x64)
KB5087061
1809 (arm64, x64)
KB5087066
21H2 (arm64)
KB5087053
21H2 (x64)
KB5087064
22H2 (arm64, x64)
KB5087053
22H2 (arm64, x64)
KB5087064
Windows 11
23H2 (x64)
KB5087058
24H2 (arm64, x64)
KB5087054
25H2 (arm64, x64)
KB5087051
26H1 (arm64, x64)
KB5087055
Windows Server 2012
Standard
KB5087048
Standard
KB5087062
Standard
KB5087067
Windows Server 2012 R2
Standard
KB5087049
Standard
KB5087063
Standard
KB5087069
Windows Server 2016
Standard
KB5087065
Windows Server 2019
Standard
KB5087061
Standard
KB5087066
Windows Server 2022
Standard
KB5087059
Standard
KB5087068
Windows Server 2025
Standard
KB5087051
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
aspnetcore-runtime-10.0
Amazon Linux 2023
0:10.0.8-1.amzn2023.0.1
fixed
aspnetcore-runtime-8.0
Amazon Linux 2023
0:8.0.27-1.amzn2023.0.1
fixed
aspnetcore-runtime-9.0
Amazon Linux 2023
0:9.0.16-1.amzn2023.0.2
fixed
aspnetcore-runtime-dbg-10.0
Amazon Linux 2023
0:10.0.8-1.amzn2023.0.1
fixed
aspnetcore-runtime-dbg-8.0
Amazon Linux 2023
0:8.0.27-1.amzn2023.0.1
fixed
aspnetcore-runtime-dbg-9.0
Amazon Linux 2023
0:9.0.16-1.amzn2023.0.2
fixed
aspnetcore-targeting-pack-10.0
Amazon Linux 2023
0:10.0.8-1.amzn2023.0.1
fixed
aspnetcore-targeting-pack-8.0
Amazon Linux 2023
0:8.0.27-1.amzn2023.0.1
fixed
aspnetcore-targeting-pack-9.0
Amazon Linux 2023
0:9.0.16-1.amzn2023.0.2
fixed
dotnet
Amazon Linux 2023
0:8.0.127-1.amzn2023.0.1
fixed
dotnet-apphost-pack-10.0
Amazon Linux 2023
0:10.0.8-1.amzn2023.0.1
fixed
dotnet-apphost-pack-10.0-debuginfo
Amazon Linux 2023
0:10.0.8-1.amzn2023.0.1
fixed
dotnet-apphost-pack-8.0
Amazon Linux 2023
0:8.0.27-1.amzn2023.0.1
fixed
dotnet-apphost-pack-8.0-debuginfo
Amazon Linux 2023
0:8.0.27-1.amzn2023.0.1
fixed
dotnet-apphost-pack-9.0
Amazon Linux 2023
0:9.0.16-1.amzn2023.0.2
fixed
dotnet-apphost-pack-9.0-debuginfo
Amazon Linux 2023
0:9.0.16-1.amzn2023.0.2
fixed
dotnet-host
Amazon Linux 2023
0:8.0.27-1.amzn2023.0.1
fixed
dotnet-host-debuginfo
Amazon Linux 2023
0:8.0.27-1.amzn2023.0.1
fixed
dotnet-hostfxr-10.0
Amazon Linux 2023
0:10.0.8-1.amzn2023.0.1
fixed
dotnet-hostfxr-10.0-debuginfo
Amazon Linux 2023
0:10.0.8-1.amzn2023.0.1
fixed
dotnet-hostfxr-8.0
Amazon Linux 2023
0:8.0.27-1.amzn2023.0.1
fixed
dotnet-hostfxr-8.0-debuginfo
Amazon Linux 2023
0:8.0.27-1.amzn2023.0.1
fixed
dotnet-hostfxr-9.0
Amazon Linux 2023
0:9.0.16-1.amzn2023.0.2
fixed
dotnet-hostfxr-9.0-debuginfo
Amazon Linux 2023
0:9.0.16-1.amzn2023.0.2
fixed
dotnet-runtime-10.0
Amazon Linux 2023
0:10.0.8-1.amzn2023.0.1
fixed
dotnet-runtime-10.0-debuginfo
Amazon Linux 2023
0:10.0.8-1.amzn2023.0.1
fixed
dotnet-runtime-8.0
Amazon Linux 2023
0:8.0.27-1.amzn2023.0.1
fixed
dotnet-runtime-8.0-debuginfo
Amazon Linux 2023
0:8.0.27-1.amzn2023.0.1
fixed
dotnet-runtime-9.0
Amazon Linux 2023
0:9.0.16-1.amzn2023.0.2
fixed
dotnet-runtime-9.0-debuginfo
Amazon Linux 2023
0:9.0.16-1.amzn2023.0.2
fixed
dotnet-runtime-dbg-10.0
Amazon Linux 2023
0:10.0.8-1.amzn2023.0.1
fixed
dotnet-runtime-dbg-8.0
Amazon Linux 2023
0:8.0.27-1.amzn2023.0.1
fixed
dotnet-runtime-dbg-9.0
Amazon Linux 2023
0:9.0.16-1.amzn2023.0.2
fixed
dotnet-sdk-10.0
Amazon Linux 2023
0:10.0.108-1.amzn2023.0.1
fixed
dotnet-sdk-10.0-debuginfo
Amazon Linux 2023
0:10.0.108-1.amzn2023.0.1
fixed
dotnet-sdk-10.0-source-built-artifacts
Amazon Linux 2023
0:10.0.108-1.amzn2023.0.1
fixed
dotnet-sdk-8.0
Amazon Linux 2023
0:8.0.127-1.amzn2023.0.1
fixed
dotnet-sdk-8.0-debuginfo
Amazon Linux 2023
0:8.0.127-1.amzn2023.0.1
fixed
dotnet-sdk-8.0-source-built-artifacts
Amazon Linux 2023
0:8.0.127-1.amzn2023.0.1
fixed
dotnet-sdk-9.0
Amazon Linux 2023
0:9.0.117-1.amzn2023.0.2
fixed
dotnet-sdk-9.0-debuginfo
Amazon Linux 2023
0:9.0.117-1.amzn2023.0.2
fixed
dotnet-sdk-9.0-source-built-artifacts
Amazon Linux 2023
0:9.0.117-1.amzn2023.0.2
fixed
dotnet-sdk-aot-10.0
Amazon Linux 2023
0:10.0.108-1.amzn2023.0.1
fixed
dotnet-sdk-aot-10.0-debuginfo
Amazon Linux 2023
0:10.0.108-1.amzn2023.0.1
fixed
dotnet-sdk-aot-9.0
Amazon Linux 2023
0:9.0.117-1.amzn2023.0.2
fixed
dotnet-sdk-aot-9.0-debuginfo
Amazon Linux 2023
0:9.0.117-1.amzn2023.0.2
fixed
dotnet-sdk-dbg-10.0
Amazon Linux 2023
0:10.0.108-1.amzn2023.0.1
fixed
dotnet-sdk-dbg-8.0
Amazon Linux 2023
0:8.0.127-1.amzn2023.0.1
fixed
dotnet-sdk-dbg-9.0
Amazon Linux 2023
0:9.0.117-1.amzn2023.0.2
fixed
dotnet-targeting-pack-10.0
Amazon Linux 2023
0:10.0.8-1.amzn2023.0.1
fixed
dotnet-targeting-pack-8.0
Amazon Linux 2023
0:8.0.27-1.amzn2023.0.1
fixed
dotnet-targeting-pack-9.0
Amazon Linux 2023
0:9.0.16-1.amzn2023.0.2
fixed
dotnet-templates-10.0
Amazon Linux 2023
0:10.0.108-1.amzn2023.0.1
fixed
dotnet-templates-8.0
Amazon Linux 2023
0:8.0.127-1.amzn2023.0.1
fixed
dotnet-templates-9.0
Amazon Linux 2023
0:9.0.117-1.amzn2023.0.2
fixed
dotnet10.0-debuginfo
Amazon Linux 2023
0:10.0.108-1.amzn2023.0.1
fixed
dotnet10.0-debugsource
Amazon Linux 2023
0:10.0.108-1.amzn2023.0.1
fixed
dotnet8.0-debuginfo
Amazon Linux 2023
0:8.0.127-1.amzn2023.0.1
fixed
dotnet8.0-debugsource
Amazon Linux 2023
0:8.0.127-1.amzn2023.0.1
fixed
dotnet9.0-debugsource
Amazon Linux 2023
0:9.0.117-1.amzn2023.0.2
fixed
netstandard-targeting-pack-2.1
Amazon Linux 2023
0:8.0.127-1.amzn2023.0.1
fixed
Common Weakness Enumeration
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32177