{"uuid": "ca34932b-8395-4108-bbdf-e1ddcaa265c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-32177", "type": "seen", "source": "https://gist.github.com/alon710/20feb3751f65ab167c104ebcd62a67d5", "content": "# CVE-2026-32177: CVE-2026-32177: Heap-Based Buffer Overflow in .NET Core and Visual Studio\n\n> **CVSS Score:** 7.3\n> **Published:** 2026-05-12\n> **Full Report:** https://cvereports.com/reports/CVE-2026-32177\n\n## Summary\nCVE-2026-32177 is a high-severity heap-based buffer overflow affecting multiple versions of Microsoft .NET and Visual Studio. Triggered by insufficient input validation during file processing, the vulnerability permits local privilege escalation when a user opens a specially crafted file.\n\n## TL;DR\nA heap-based buffer overflow in the .NET runtime allows local privilege escalation when users open maliciously crafted files in vulnerable host applications like Visual Studio.\n\n## Technical Details\n\n- **CWE ID**: CWE-122\n- **Attack Vector**: Local (AV:L)\n- **CVSS v3.1 Score**: 7.3 (High)\n- **EPSS Probability**: 0.10%\n- **Primary Impact**: Local Elevation of Privilege\n- **Exploit Status**: Unexploited / No PoC\n- **CISA KEV**: Not Listed\n\n## Affected Systems\n\n- .NET 10.0\n- .NET 9.0\n- .NET 8.0\n- Microsoft .NET Framework 3.5\n- Microsoft .NET Framework 4.7.2\n- Microsoft .NET Framework 4.8\n- Microsoft .NET Framework 4.8.1\n- Microsoft Visual Studio 2022\n- Microsoft Visual Studio 2026\n- **.NET 10.0**: 10.0.0 to 10.0.7 (Fixed in: `10.0.8`)\n- **.NET 9.0**: 9.0.0 to 9.0.15 (Fixed in: `9.0.16`)\n- **.NET 8.0**: 8.0.0 to 8.0.26 (Fixed in: `8.0.27`)\n- **Microsoft .NET Framework 3.5, 4.7.2, 4.8, 4.8.1**: All prior to patch (Fixed in: `4.8.9334.0 / 4.8.4802.0`)\n- **Microsoft Visual Studio 2022**: 17.12.0 to 17.12.19, 17.14.0 to 17.14.30 (Fixed in: `17.12.20 / 17.14.31`)\n- **Microsoft Visual Studio 2026**: 18.5.0 to 18.5.2 (Fixed in: `18.5.3`)\n\n## Mitigation\n\n- Apply Microsoft May 2026 Patch Tuesday security updates across all affected .NET environments.\n- Enforce the principle of least privilege to prevent users from running development tools or applications with administrative rights.\n- Implement file screening and security controls to block suspicious or untrusted files.\n\n**Remediation Steps:**\n1. Inventory all systems running .NET 8.0, 9.0, 10.0, and .NET Framework.\n2. Identify installations of Visual Studio 2022 and 2026.\n3. Deploy the specific fixed versions listed in the MSRC advisory (e.g., .NET 10.0.8, VS 2026 18.5.3).\n4. Verify the patch installation by checking assembly file versions.\n\n## References\n\n- [MSRC Advisory](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32177)\n- [CVE.org Record](https://www.cve.org/CVERecord?id=CVE-2026-32177)\n- [NVD Record](https://nvd.nist.gov/vuln/detail/CVE-2026-32177)\n- [ZDI May 2026 Review](https://www.zerodayinitiative.com/blog/2026/5/12/the-may-2026-security-update-review)\n- [OffSeq Threat Radar](https://radar.offseq.com/threat/cve-2026-32177-cwe-122-heap-based-buffer-overflow--a6e5dc9f)\n- [Rapid7 Analysis](https://www.rapid7.com/blog/post/em-patch-tuesday-may-2026/)\n- [Sophos Blog](https://www.sophos.com/en-us/blog/may-patch-tuesday-hauls-out-132-cves)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-32177) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-19T08:40:50.000000Z"}