Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-32178 (GCVE-0-2026-32178)
Vulnerability from cvelistv5 – Published: 2026-04-14 16:57 – Updated: 2026-06-30 03:17
VLAI
EPSS
Title
.NET Spoofing Vulnerability
Summary
Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-138 - Improper Neutralization of Special Elements
Assigner
References
21 references
Impacted products
19 products
Date Public
2026-04-14 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32178",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T10:40:37.117716Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T10:43:57.251Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CRB (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::crb"
],
"defaultStatus": "affected",
"product": "Red Hat CodeReady Linux Builder EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::crb"
],
"defaultStatus": "affected",
"product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "affected",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat"
}
],
"datePublic": "2026-04-14T18:41:05.485Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the .NET runtime (System.Net.Mail) in how email address data is parsed. Improper neutralization of special characters, specifically carriage return and line feed (CR/LF) sequences, may allow specially crafted email address input to be interpreted incorrectly. An attacker could exploit this issue to perform email spoofing by injecting additional headers or altering how the email address is processed during SMTP operations"
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-138",
"description": "Improper Neutralization of Special Elements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T03:17:58.442Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-32178"
},
{
"name": "RHBZ#2457781",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457781"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32178.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13281"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13280"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8467"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8470"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8472"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8473"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8468"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8475"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13693"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13283"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13282"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8471"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8469"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8474"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9077"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9080"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9205"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:13281: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:13280: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:8467: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:8470: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:8472: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:8473: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:8468: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:8475: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:13693: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:13283: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:13282: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:8471: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:8469: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:8474: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:9077: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:9080: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:9205: Red Hat Hardened Images"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-13T08:04:44.681Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-14T18:41:05.485Z",
"value": "Made public."
}
],
"title": "dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw",
"workarounds": [
{
"lang": "en",
"value": "Red Hat is not aware of a practical temporary workaround that fully mitigates this issue or meets Red Hat Product Security\u0027s standards for usability, deployment, applicability, or stability. Customers are advised to apply the relevant security updates when they become available."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": ".NET 10.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.6",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"product": ".NET 8.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "8.0.26",
"status": "affected",
"version": "8.0",
"versionType": "custom"
}
]
},
{
"product": ".NET 8.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "8.0.26",
"status": "affected",
"version": "8.0.0",
"versionType": "custom"
}
]
},
{
"product": ".NET 9.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "9.0.15",
"status": "affected",
"version": "9.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.12.19",
"status": "affected",
"version": "17.12.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.14",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.14.30",
"status": "affected",
"version": "17.14.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.12.19",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.14.30",
"versionStartIncluding": "17.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.6",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.0.26",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.0.26",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.15",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-04-14T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-138",
"description": "CWE-138: Improper Neutralization of Special Elements",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-19T16:07:58.452Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32178"
}
],
"title": ".NET Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-32178",
"datePublished": "2026-04-14T16:57:31.355Z",
"dateReserved": "2026-03-11T00:26:53.425Z",
"dateUpdated": "2026-06-30T03:17:58.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-32178",
"date": "2026-06-29",
"epss": "0.0111",
"percentile": "0.61809"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-32178\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2026-04-14T18:17:20.260\",\"lastModified\":\"2026-06-30T03:18:29.550\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.\"}],\"affected\":[{\"source\":\"secure@microsoft.com\",\"affectedData\":[{\"vendor\":\"Microsoft\",\"product\":\".NET 10.0\",\"versions\":[{\"version\":\"10.0.0\",\"lessThan\":\"10.0.6\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\".NET 8.0\",\"versions\":[{\"version\":\"8.0\",\"lessThan\":\"8.0.26\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\".NET 8.0\",\"versions\":[{\"version\":\"8.0.0\",\"lessThan\":\"8.0.26\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\".NET 9.0\",\"versions\":[{\"version\":\"9.0.0\",\"lessThan\":\"9.0.15\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Microsoft Visual Studio 2022 version 17.12\",\"versions\":[{\"version\":\"17.12.0\",\"lessThan\":\"17.12.19\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Microsoft Visual Studio 2022 version 17.14\",\"versions\":[{\"version\":\"17.14.0\",\"lessThan\":\"17.14.30\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v. 10.0)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux_eus:10.0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 10)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:8::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v.9.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.4::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v.9.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 9)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux_eus:10.0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux CRB (v. 8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:8::crb\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat CodeReady Linux Builder EUS (v.9.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.4::crb\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat CodeReady Linux Builder EUS (v.9.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.6::crb\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::crb\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Hardened Images\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:hummingbird:1\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-04-15T10:40:37.117716Z\",\"id\":\"CVE-2026-32178\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-138\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-138\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.0.6\",\"matchCriteriaId\":\"CD89D801-933E-4D78-9187-D2CA94370FA0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387021A0-AF36-463C-A605-32EA7DAC172E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndExcluding\":\"8.0.26\",\"matchCriteriaId\":\"CB15ABFB-047C-4B69-BD19-68D3EFEDCB78\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387021A0-AF36-463C-A605-32EA7DAC172E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.0.15\",\"matchCriteriaId\":\"EB2D66A6-4F92-4AB0-A8F0-FCE4EC0BED1A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387021A0-AF36-463C-A605-32EA7DAC172E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.12.0\",\"versionEndExcluding\":\"17.12.19\",\"matchCriteriaId\":\"1D6BD3C9-DAAC-4A1D-8504-871EAA6374F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.14.0\",\"versionEndExcluding\":\"17.14.30\",\"matchCriteriaId\":\"C4E8314E-DF85-46D1-88D5-A551F73C780C\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32178\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:13280\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:13281\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:13282\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:13283\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:13693\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8467\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8468\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8469\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8470\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8471\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8472\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8473\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8474\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8475\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:9077\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:9080\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:9205\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-32178\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2457781\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32178.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-32178\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-15T10:40:37.117716Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-15T10:43:00.851Z\"}}], \"cna\": {\"title\": \".NET Spoofing Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \".NET 10.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.6\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \".NET 8.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.0\", \"lessThan\": \"8.0.26\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \".NET 8.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.0.0\", \"lessThan\": \"8.0.26\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \".NET 9.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.0.0\", \"lessThan\": \"9.0.15\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2022 version 17.12\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.12.0\", \"lessThan\": \"17.12.19\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2022 version 17.14\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.14.0\", \"lessThan\": \"17.14.30\", \"versionType\": \"custom\"}]}], \"datePublic\": \"2026-04-14T14:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32178\", \"name\": \".NET Spoofing Vulnerability\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-138\", \"description\": \"CWE-138: Improper Neutralization of Special Elements\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"17.12.19\", \"versionStartIncluding\": \"17.12.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"17.14.30\", \"versionStartIncluding\": \"17.14.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.0.6\", \"versionStartIncluding\": \"10.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"8.0.26\", \"versionStartIncluding\": \"8.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"8.0.26\", \"versionStartIncluding\": \"8.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"9.0.15\", \"versionStartIncluding\": \"9.0.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2026-06-19T16:07:58.452Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-32178\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-19T16:07:58.452Z\", \"dateReserved\": \"2026-03-11T00:26:53.425Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2026-04-14T16:57:31.355Z\", \"assignerShortName\": \"microsoft\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:9205
Vulnerability from csaf_redhat - Published: 2026-04-21 03:04 - Updated: 2026-06-30 04:29Summary
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Severity
Important
Notes
Topic: An update for Red Hat Hardened Images RPMs is now available.
Details: This update includes the following RPMs:
dotnet9.0:
* aspnetcore-runtime-9.0-9.0.15-1.hum1 (aarch64, x86_64)
* aspnetcore-runtime-dbg-9.0-9.0.15-1.hum1 (aarch64, x86_64)
* aspnetcore-targeting-pack-9.0-9.0.15-1.hum1 (aarch64, x86_64)
* dotnet-apphost-pack-9.0-9.0.15-1.hum1 (aarch64, x86_64)
* dotnet-hostfxr-9.0-9.0.15-1.hum1 (aarch64, x86_64)
* dotnet-runtime-9.0-9.0.15-1.hum1 (aarch64, x86_64)
* dotnet-runtime-dbg-9.0-9.0.15-1.hum1 (aarch64, x86_64)
* dotnet-sdk-9.0-9.0.116-1.hum1 (aarch64, x86_64)
* dotnet-sdk-9.0-source-built-artifacts-9.0.116-1.hum1 (aarch64, x86_64)
* dotnet-sdk-aot-9.0-9.0.116-1.hum1 (aarch64, x86_64)
* dotnet-sdk-dbg-9.0-9.0.116-1.hum1 (aarch64, x86_64)
* dotnet-targeting-pack-9.0-9.0.15-1.hum1 (aarch64, x86_64)
* dotnet-templates-9.0-9.0.116-1.hum1 (aarch64, x86_64)
* netstandard-targeting-pack-2.1-9.0.116-1.hum1 (aarch64, x86_64)
* dotnet9.0-9.0.116-1.hum1.src (src)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in .NET and Visual Studio. This vulnerability allows an attacker to use specially crafted input to spoof trusted content or identities, potentially misleading users or systems. This issue requires user interaction and limited privileges but can lead to unauthorized actions or escalation due to incorrect identity or content validation handling.
8.0 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:dotnet9-0-main@src | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:dotnet9-0-main@aarch64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:dotnet9-0-main@x86_64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in MSBuild’s temporary directory handling on Linux where predictable, non-randomized temporary paths are used. Local users can create or manipulate those paths before MSBuild runs, causing build failures or unexpected behavior and resulting in denial of service for build operations.
7.3 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:dotnet9-0-main@src | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:dotnet9-0-main@aarch64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:dotnet9-0-main@x86_64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw exists in certain .NET builds where a man-in-the-middle (MITM) attacker can prevent or downgrade TLS between a client and an SMTP server. This may cause the client to send credentials or message data over an unencrypted connection, exposing sensitive information to the attacker.
8.2 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:dotnet9-0-main@src | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:dotnet9-0-main@aarch64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:dotnet9-0-main@x86_64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in ASP.NET Core’s HTTP request handling that leads to inconsistent interpretation of specially crafted HTTP requests. This mismatch can be abused by an authorized network attacker to smuggle or manipulate request boundaries, allowing bypass of security controls or unintended forwarding of request data.
8.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:dotnet9-0-main@src | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:dotnet9-0-main@aarch64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:dotnet9-0-main@x86_64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in .NET. A remote attacker could exploit a vulnerability related to unsafe transforms in EncryptedXml. This could lead to a Denial of Service (DoS), making the service unavailable, and a bypass of security features.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:dotnet9-0-main@src | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:dotnet9-0-main@aarch64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:dotnet9-0-main@x86_64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the .NET runtime (System.Net.Mail) in how email address data is parsed. Improper neutralization of special characters, specifically carriage return and line feed (CR/LF) sequences, may allow specially crafted email address input to be interpreted incorrectly. An attacker could exploit this issue to perform email spoofing by injecting additional headers or altering how the email address is processed during SMTP operations
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:dotnet9-0-main@src | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:dotnet9-0-main@aarch64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:dotnet9-0-main@x86_64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in .NET. A remote attacker could exploit a stack overflow vulnerability during encrypted key nested decryption, leading to a Denial of Service (DoS). This could make the affected system unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:dotnet9-0-main@src | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:dotnet9-0-main@aarch64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:dotnet9-0-main@x86_64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in .NET. A remote attacker could exploit this vulnerability by crafting a malicious XML document that triggers an infinite recursion within the XmlDecryptionTransform component. This could lead to a Denial of Service (DoS), making the affected system unresponsive.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:dotnet9-0-main@src | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:dotnet9-0-main@aarch64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:dotnet9-0-main@x86_64 | — |
Workaround
|
Threats
Impact
Important
References
45 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\ndotnet9.0:\n * aspnetcore-runtime-9.0-9.0.15-1.hum1 (aarch64, x86_64)\n * aspnetcore-runtime-dbg-9.0-9.0.15-1.hum1 (aarch64, x86_64)\n * aspnetcore-targeting-pack-9.0-9.0.15-1.hum1 (aarch64, x86_64)\n * dotnet-apphost-pack-9.0-9.0.15-1.hum1 (aarch64, x86_64)\n * dotnet-hostfxr-9.0-9.0.15-1.hum1 (aarch64, x86_64)\n * dotnet-runtime-9.0-9.0.15-1.hum1 (aarch64, x86_64)\n * dotnet-runtime-dbg-9.0-9.0.15-1.hum1 (aarch64, x86_64)\n * dotnet-sdk-9.0-9.0.116-1.hum1 (aarch64, x86_64)\n * dotnet-sdk-9.0-source-built-artifacts-9.0.116-1.hum1 (aarch64, x86_64)\n * dotnet-sdk-aot-9.0-9.0.116-1.hum1 (aarch64, x86_64)\n * dotnet-sdk-dbg-9.0-9.0.116-1.hum1 (aarch64, x86_64)\n * dotnet-targeting-pack-9.0-9.0.15-1.hum1 (aarch64, x86_64)\n * dotnet-templates-9.0-9.0.116-1.hum1 (aarch64, x86_64)\n * netstandard-targeting-pack-2.1-9.0.116-1.hum1 (aarch64, x86_64)\n * dotnet9.0-9.0.116-1.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:9205",
"url": "https://access.redhat.com/errata/RHSA-2026:9205"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-55315",
"url": "https://access.redhat.com/security/cve/CVE-2025-55315"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-55248",
"url": "https://access.redhat.com/security/cve/CVE-2025-55248"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-55247",
"url": "https://access.redhat.com/security/cve/CVE-2025-55247"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-26646",
"url": "https://access.redhat.com/security/cve/CVE-2025-26646"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32178",
"url": "https://access.redhat.com/security/cve/CVE-2026-32178"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33116",
"url": "https://access.redhat.com/security/cve/CVE-2026-33116"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32203",
"url": "https://access.redhat.com/security/cve/CVE-2026-32203"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26171",
"url": "https://access.redhat.com/security/cve/CVE-2026-26171"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_9205.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-06-30T04:29:53+00:00",
"generator": {
"date": "2026-06-30T04:29:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:9205",
"initial_release_date": "2026-04-21T03:04:46+00:00",
"revision_history": [
{
"date": "2026-04-21T03:04:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-27T12:08:12+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T04:29:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "dotnet9-0-main@aarch64",
"product": {
"name": "dotnet9-0-main@aarch64",
"product_id": "dotnet9-0-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-runtime-9.0@9.0.15-1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "dotnet9-0-main@x86_64",
"product": {
"name": "dotnet9-0-main@x86_64",
"product_id": "dotnet9-0-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-runtime-9.0@9.0.15-1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "dotnet9-0-main@src",
"product": {
"name": "dotnet9-0-main@src",
"product_id": "dotnet9-0-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet9.0@9.0.116-1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet9-0-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:dotnet9-0-main@aarch64"
},
"product_reference": "dotnet9-0-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet9-0-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:dotnet9-0-main@src"
},
"product_reference": "dotnet9-0-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet9-0-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:dotnet9-0-main@x86_64"
},
"product_reference": "dotnet9-0-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-26646",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"discovery_date": "2025-05-09T11:59:36.797000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Hardened Images:dotnet9-0-main@aarch64",
"Red Hat Hardened Images:dotnet9-0-main@x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2365317"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in .NET and Visual Studio. This vulnerability allows an attacker to use specially crafted input to spoof trusted content or identities, potentially misleading users or systems. This issue requires user interaction and limited privileges but can lead to unauthorized actions or escalation due to incorrect identity or content validation handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dotnet: .NET and Visual Studio Spoofing Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in .NET is Important because it allows spoofing of trusted identities or content through crafted input, exploiting weaknesses in validation logic. While it requires user interaction and limited privileges, it can subvert authentication flows or integrity checks, leading to unauthorized actions. In security-sensitive contexts\u2014like signed assembly loading, secure package feeds, or automated build systems\u2014such spoofing can compromise trust boundaries and facilitate privilege escalation or supply chain attacks, making it more severe than a typical moderate flaw.\n\n```\n\n.NET 6.0 for RHEL-8, RHEL-9 and RHIVOS has reached its End of Life as of November 12, 2024, and is no longer supported. No fixes will be provided for this stream. For additional information about lifecycle for .NET on Red Hat Enterprise Linux, please refer to: https://access.redhat.com/support/policy/updates/net-core.\n\n```",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:dotnet9-0-main@src"
],
"known_not_affected": [
"Red Hat Hardened Images:dotnet9-0-main@aarch64",
"Red Hat Hardened Images:dotnet9-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-26646"
},
{
"category": "external",
"summary": "RHBZ#2365317",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365317"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-26646",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26646"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-26646",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26646"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/356",
"url": "https://github.com/dotnet/announcements/issues/356"
}
],
"release_date": "2025-05-14T03:06:48.901000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T03:04:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:dotnet9-0-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9205"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Hardened Images:dotnet9-0-main@aarch64",
"Red Hat Hardened Images:dotnet9-0-main@src",
"Red Hat Hardened Images:dotnet9-0-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:dotnet9-0-main@aarch64",
"Red Hat Hardened Images:dotnet9-0-main@src",
"Red Hat Hardened Images:dotnet9-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "dotnet: .NET and Visual Studio Spoofing Vulnerability"
},
{
"cve": "CVE-2025-55247",
"cwe": {
"id": "CWE-377",
"name": "Insecure Temporary File"
},
"discovery_date": "2025-10-10T13:25:49.702000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Hardened Images:dotnet9-0-main@aarch64",
"Red Hat Hardened Images:dotnet9-0-main@x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2403086"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in MSBuild\u2019s temporary directory handling on Linux where predictable, non-randomized temporary paths are used. Local users can create or manipulate those paths before MSBuild runs, causing build failures or unexpected behavior and resulting in denial of service for build operations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dotnet: .NET Denial of Service Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed this issue as Moderate. Predictable MSBuild temporary directory paths on Linux allow a local user to precreate or manipulate build temp directories, causing build failures (denial of service) on shared build hosts or CI runners using the affected .NET packages.\n\n```\n\n.NET 6.0 for RHEL-8, RHEL-9 and RHIVOS has reached its End of Life as of November 12, 2024, and is no longer supported. No fixes will be provided for this stream. For additional information about lifecycle for .NET on Red Hat Enterprise Linux, please refer to: https://access.redhat.com/support/policy/updates/net-core.\n\n```",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:dotnet9-0-main@src"
],
"known_not_affected": [
"Red Hat Hardened Images:dotnet9-0-main@aarch64",
"Red Hat Hardened Images:dotnet9-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55247"
},
{
"category": "external",
"summary": "RHBZ#2403086",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403086"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55247",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55247"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55247",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55247"
}
],
"release_date": "2025-10-15T13:06:53.521000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T03:04:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:dotnet9-0-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9205"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:dotnet9-0-main@aarch64",
"Red Hat Hardened Images:dotnet9-0-main@src",
"Red Hat Hardened Images:dotnet9-0-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:dotnet9-0-main@aarch64",
"Red Hat Hardened Images:dotnet9-0-main@src",
"Red Hat Hardened Images:dotnet9-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dotnet: .NET Denial of Service Vulnerability"
},
{
"cve": "CVE-2025-55248",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"discovery_date": "2025-10-10T13:00:27.907000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Hardened Images:dotnet9-0-main@aarch64",
"Red Hat Hardened Images:dotnet9-0-main@x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2403083"
}
],
"notes": [
{
"category": "description",
"text": "A flaw exists in certain .NET builds where a man-in-the-middle (MITM) attacker can prevent or downgrade TLS between a client and an SMTP server. This may cause the client to send credentials or message data over an unencrypted connection, exposing sensitive information to the attacker.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dotnet: .NET Information Disclosure Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed the severity of this vulnerability as High, given that it can be remotely exploited by a man-in-the-middle attacker without authentication or user interaction. Successful exploitation allows an attacker to disable TLS protection between a .NET client and an SMTP server, leading to exposure of credentials and message contents over an unencrypted connection. The vulnerability results from insufficient enforcement of TLS during SMTP session negotiation in the affected .NET runtime.\n\n```\n\n.NET 6.0 for RHEL-8, RHEL-9 and RHIVOS has reached its End of Life as of November 12, 2024, and is no longer supported. No fixes will be provided for this stream. For additional information about lifecycle for .NET on Red Hat Enterprise Linux, please refer to: https://access.redhat.com/support/policy/updates/net-core\u201d\n\n```",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:dotnet9-0-main@src"
],
"known_not_affected": [
"Red Hat Hardened Images:dotnet9-0-main@aarch64",
"Red Hat Hardened Images:dotnet9-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55248"
},
{
"category": "external",
"summary": "RHBZ#2403083",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403083"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55248"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55248",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55248"
}
],
"release_date": "2025-10-15T12:39:35.343000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T03:04:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:dotnet9-0-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9205"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:dotnet9-0-main@aarch64",
"Red Hat Hardened Images:dotnet9-0-main@src",
"Red Hat Hardened Images:dotnet9-0-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:dotnet9-0-main@aarch64",
"Red Hat Hardened Images:dotnet9-0-main@src",
"Red Hat Hardened Images:dotnet9-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "dotnet: .NET Information Disclosure Vulnerability"
},
{
"cve": "CVE-2025-55315",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2025-10-10T13:21:09.125000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Hardened Images:dotnet9-0-main@aarch64",
"Red Hat Hardened Images:dotnet9-0-main@x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2403085"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ASP.NET Core\u2019s HTTP request handling that leads to inconsistent interpretation of specially crafted HTTP requests. This mismatch can be abused by an authorized network attacker to smuggle or manipulate request boundaries, allowing bypass of security controls or unintended forwarding of request data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dotnet: .NET Security Feature Bypass Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed this issue as Important. An authorized network attacker can exploit inconsistent HTTP request parsing in ASP.NET Core to bypass security controls (HTTP request smuggling), potentially exposing or enabling unauthorized actions on request data in affected .NET runtimes.\n\n```\n\n.NET 6.0 for RHEL-8, RHEL-9 and RHIVOS has reached its End of Life as of November 12, 2024, and is no longer supported. No fixes will be provided for this stream. For additional information about lifecycle for .NET on Red Hat Enterprise Linux, please refer to: https://access.redhat.com/support/policy/updates/net-core.\n\n```",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:dotnet9-0-main@src"
],
"known_not_affected": [
"Red Hat Hardened Images:dotnet9-0-main@aarch64",
"Red Hat Hardened Images:dotnet9-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55315"
},
{
"category": "external",
"summary": "RHBZ#2403085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403085"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55315",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55315"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55315",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55315"
}
],
"release_date": "2025-10-15T12:58:31.281000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T03:04:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:dotnet9-0-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9205"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:dotnet9-0-main@aarch64",
"Red Hat Hardened Images:dotnet9-0-main@src",
"Red Hat Hardened Images:dotnet9-0-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:dotnet9-0-main@aarch64",
"Red Hat Hardened Images:dotnet9-0-main@src",
"Red Hat Hardened Images:dotnet9-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "dotnet: .NET Security Feature Bypass Vulnerability"
},
{
"cve": "CVE-2026-26171",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-04-13T05:00:07.414000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Hardened Images:dotnet9-0-main@aarch64",
"Red Hat Hardened Images:dotnet9-0-main@x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2457739"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in .NET. A remote attacker could exploit a vulnerability related to unsafe transforms in EncryptedXml. This could lead to a Denial of Service (DoS), making the service unavailable, and a bypass of security features.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dotnet: .NET: Security Bypass and Denial of Service Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important impact vulnerability affecting .NET applications that utilize `EncryptedXml` for data encryption. An attacker could exploit unsafe transforms to achieve a denial of service or bypass security features. This impacts Red Hat Enterprise Linux and Fedora systems running affected .NET versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:dotnet9-0-main@src"
],
"known_not_affected": [
"Red Hat Hardened Images:dotnet9-0-main@aarch64",
"Red Hat Hardened Images:dotnet9-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26171"
},
{
"category": "external",
"summary": "RHBZ#2457739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26171",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26171"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26171",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26171"
}
],
"release_date": "2026-04-14T18:39:18.599000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T03:04:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:dotnet9-0-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9205"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:dotnet9-0-main@aarch64",
"Red Hat Hardened Images:dotnet9-0-main@src",
"Red Hat Hardened Images:dotnet9-0-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:dotnet9-0-main@aarch64",
"Red Hat Hardened Images:dotnet9-0-main@src",
"Red Hat Hardened Images:dotnet9-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "dotnet: .NET: Security Bypass and Denial of Service Vulnerability"
},
{
"cve": "CVE-2026-32178",
"cwe": {
"id": "CWE-138",
"name": "Improper Neutralization of Special Elements"
},
"discovery_date": "2026-04-13T08:04:44.681000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Hardened Images:dotnet9-0-main@aarch64",
"Red Hat Hardened Images:dotnet9-0-main@x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2457781"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the .NET runtime (System.Net.Mail) in how email address data is parsed. Improper neutralization of special characters, specifically carriage return and line feed (CR/LF) sequences, may allow specially crafted email address input to be interpreted incorrectly. An attacker could exploit this issue to perform email spoofing by injecting additional headers or altering how the email address is processed during SMTP operations",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in the .NET runtime\u0027s System.Net.Mail component affects Red Hat Enterprise Linux and Red Hat Hardened Images. Improper neutralization of carriage return and line feed sequences during email address parsing can lead to SMTP command or header injection, enabling email spoofing in applications utilizing the affected .NET versions for SMTP operations.\n\nThe impact is primarily related to how email data is handled and interpreted. By injecting crafted header content, an attacker may influence the structure of email messages and potentially expose sensitive information included in those messages to unintended recipients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:dotnet9-0-main@src"
],
"known_not_affected": [
"Red Hat Hardened Images:dotnet9-0-main@aarch64",
"Red Hat Hardened Images:dotnet9-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32178"
},
{
"category": "external",
"summary": "RHBZ#2457781",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457781"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32178",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32178"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32178",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32178"
}
],
"release_date": "2026-04-14T18:41:05.485000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T03:04:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:dotnet9-0-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9205"
},
{
"category": "workaround",
"details": "Red Hat is not aware of a practical temporary workaround that fully mitigates this issue or meets Red Hat Product Security\u0027s standards for usability, deployment, applicability, or stability. Customers are advised to apply the relevant security updates when they become available.",
"product_ids": [
"Red Hat Hardened Images:dotnet9-0-main@aarch64",
"Red Hat Hardened Images:dotnet9-0-main@src",
"Red Hat Hardened Images:dotnet9-0-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:dotnet9-0-main@aarch64",
"Red Hat Hardened Images:dotnet9-0-main@src",
"Red Hat Hardened Images:dotnet9-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw"
},
{
"cve": "CVE-2026-32203",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-04-13T05:02:08.475000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Hardened Images:dotnet9-0-main@aarch64",
"Red Hat Hardened Images:dotnet9-0-main@x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2457740"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in .NET. A remote attacker could exploit a stack overflow vulnerability during encrypted key nested decryption, leading to a Denial of Service (DoS). This could make the affected system unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dotnet: .NET: Denial of Service via stack overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in .NET, affecting Red Hat Enterprise Linux and Fedora. The flaw, a stack overflow in EncryptedKey nested decryption, could allow an attacker to cause a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:dotnet9-0-main@src"
],
"known_not_affected": [
"Red Hat Hardened Images:dotnet9-0-main@aarch64",
"Red Hat Hardened Images:dotnet9-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32203"
},
{
"category": "external",
"summary": "RHBZ#2457740",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457740"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32203",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32203"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32203",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32203"
}
],
"release_date": "2026-04-14T18:39:07.491000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T03:04:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:dotnet9-0-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9205"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:dotnet9-0-main@aarch64",
"Red Hat Hardened Images:dotnet9-0-main@src",
"Red Hat Hardened Images:dotnet9-0-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:dotnet9-0-main@aarch64",
"Red Hat Hardened Images:dotnet9-0-main@src",
"Red Hat Hardened Images:dotnet9-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "dotnet: .NET: Denial of Service via stack overflow"
},
{
"cve": "CVE-2026-33116",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-04-13T05:12:13.834000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Hardened Images:dotnet9-0-main@aarch64",
"Red Hat Hardened Images:dotnet9-0-main@x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2457741"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in .NET. A remote attacker could exploit this vulnerability by crafting a malicious XML document that triggers an infinite recursion within the XmlDecryptionTransform component. This could lead to a Denial of Service (DoS), making the affected system unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dotnet: .NET: Denial of Service via Infinite Recursion in XmlDecryptionTransform",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in .NET\u0027s XmlDecryptionTransform. An attacker could exploit this flaw by providing specially crafted XML data, leading to an infinite recursion and causing a denial of service in applications processing such data. This affects Red Hat Enterprise Linux versions 8, 9, and 10, as well as Fedora.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:dotnet9-0-main@src"
],
"known_not_affected": [
"Red Hat Hardened Images:dotnet9-0-main@aarch64",
"Red Hat Hardened Images:dotnet9-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33116"
},
{
"category": "external",
"summary": "RHBZ#2457741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33116",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33116"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33116",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33116"
}
],
"release_date": "2026-04-14T18:38:58.320000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T03:04:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:dotnet9-0-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9205"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:dotnet9-0-main@aarch64",
"Red Hat Hardened Images:dotnet9-0-main@src",
"Red Hat Hardened Images:dotnet9-0-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:dotnet9-0-main@aarch64",
"Red Hat Hardened Images:dotnet9-0-main@src",
"Red Hat Hardened Images:dotnet9-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "dotnet: .NET: Denial of Service via Infinite Recursion in XmlDecryptionTransform"
}
]
}
WID-SEC-W-2026-1100
Vulnerability from csaf_certbund - Published: 2026-04-14 22:00 - Updated: 2026-05-26 22:00Summary
Microsoft DeveloperTools: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Microsoft Visual Studio ist eine integrierte Entwicklungsumgebung für Hochsprachen.
Microsoft .NET Framework ist eine Komponente des Microsoft Windows-Betriebssystems, das die Erstellung und Ausführung von Softwareanwendungen und Webdiensten ermöglicht. Es beinhaltet sowohl eine Laufzeitumgebung als auch ein Framework von Klassenbibliotheken (APIs), u. a. für die Programmiersprache ASP (ASP.NET), den Datenzugriff (ADO.NET), intelligente Clientanwendungen (Windows Forms) und weitere.
Microsoft .NET ist ein Software-Framework für die Entwicklung und Ausführung von Anwendungen.
PowerShell ist ein plattformübergreifendes Framework von Microsoft zur Automatisierung, Konfiguration und Verwaltung von Systemen, das einen Kommandozeileninterpreter inklusive Skriptsprache bietet.
Visual Studio Code ist ein Quelltext-Editor von Microsoft.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Microsoft Visual Studio, Microsoft .NET Framework, Microsoft .NET, Microsoft PowerShell und Microsoft Visual Studio Code ausnutzen, um vertrauliche Informationen offenzulegen, Spoofing-Angriffe durchzuführen, einen Denial-of-Service-Zustand herbeizuführen oder Sicherheitsmaßnahmen zu umgehen, was möglicherweise die Ausführung von beliebigem Code ermöglicht.
Betroffene Betriebssysteme: - Linux
- MacOS X
- Windows
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft .NET Framework 4.7.2
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:4.7.2
|
4.7.2 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft .NET Framework 4.8
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:4.8
|
4.8 | |
|
Microsoft Visual Studio 2022 version 17.14
Microsoft / Visual Studio 2022
|
version 17.14 | ||
|
Microsoft Visual Studio 2017 version 15.9 (includes 15.0-15.8)
Microsoft / Visual Studio 2017
|
version 15.9 (includes 15.0-15.8) | ||
|
Microsoft Visual Studio 2022 version 17.12
Microsoft / Visual Studio 2022
|
version 17.12 | ||
|
Microsoft PowerShell 7.5
Microsoft / PowerShell
|
cpe:/a:microsoft:powershell:7.5
|
7.5 | |
|
Microsoft Visual Studio Code CoPilot Chat Extension
Microsoft / Visual Studio Code
|
cpe:/a:microsoft:visual_studio_code:copilot_chat_extension
|
CoPilot Chat Extension | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Microsoft .NET 10.0
Microsoft / .NET
|
cpe:/a:microsoft:.net:10.0
|
10 | |
|
Microsoft .NET 9.0
Microsoft / .NET
|
cpe:/a:microsoft:.net:9.0
|
9 | |
|
Microsoft .NET 8.0
Microsoft / .NET
|
cpe:/a:microsoft:.net:8.0
|
8 | |
|
Microsoft PowerShell 7.4
Microsoft / PowerShell
|
cpe:/a:microsoft:powershell:7.4:rc1
|
7.4 | |
|
Hitachi Virtual Storage Platform 5200
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5200
|
5200 | |
|
Hitachi Virtual Storage Platform 5100
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5100
|
5100 | |
|
Hitachi Virtual Storage Platform 5500
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5500
|
5500 | |
|
Hitachi Virtual Storage Platform 5100H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5100h
|
5100H | |
|
Hitachi Virtual Storage Platform 5500H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5500h
|
5500H | |
|
Microsoft Visual Studio 2019 version 16.11 (includes 16.0-16.10)
Microsoft / Visual Studio 2019
|
version 16.11 (includes 16.0-16.10) | ||
|
Microsoft Visual Studio 2019 version 16.4 (includes 16.0-16.3)
Microsoft / Visual Studio 2019
|
version 16.4 (includes 16.0-16.3) | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Microsoft .NET Framework 3.5
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:3.5:-
|
3.5 | |
|
Microsoft .NET Framework 4.8.1
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:4.8.1
|
4.8.1 | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Hitachi Virtual Storage Platform 5600H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5600h
|
5600H | |
|
Hitachi Virtual Storage Platform 5200H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5200h
|
5200H | |
|
Hitachi Virtual Storage Platform 5600
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5600
|
5600 |
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft .NET Framework 4.7.2
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:4.7.2
|
4.7.2 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft .NET Framework 4.8
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:4.8
|
4.8 | |
|
Microsoft Visual Studio 2022 version 17.14
Microsoft / Visual Studio 2022
|
version 17.14 | ||
|
Microsoft Visual Studio 2017 version 15.9 (includes 15.0-15.8)
Microsoft / Visual Studio 2017
|
version 15.9 (includes 15.0-15.8) | ||
|
Microsoft Visual Studio 2022 version 17.12
Microsoft / Visual Studio 2022
|
version 17.12 | ||
|
Microsoft PowerShell 7.5
Microsoft / PowerShell
|
cpe:/a:microsoft:powershell:7.5
|
7.5 | |
|
Microsoft Visual Studio Code CoPilot Chat Extension
Microsoft / Visual Studio Code
|
cpe:/a:microsoft:visual_studio_code:copilot_chat_extension
|
CoPilot Chat Extension | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Microsoft .NET 10.0
Microsoft / .NET
|
cpe:/a:microsoft:.net:10.0
|
10 | |
|
Microsoft .NET 9.0
Microsoft / .NET
|
cpe:/a:microsoft:.net:9.0
|
9 | |
|
Microsoft .NET 8.0
Microsoft / .NET
|
cpe:/a:microsoft:.net:8.0
|
8 | |
|
Microsoft PowerShell 7.4
Microsoft / PowerShell
|
cpe:/a:microsoft:powershell:7.4:rc1
|
7.4 | |
|
Hitachi Virtual Storage Platform 5200
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5200
|
5200 | |
|
Hitachi Virtual Storage Platform 5100
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5100
|
5100 | |
|
Hitachi Virtual Storage Platform 5500
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5500
|
5500 | |
|
Hitachi Virtual Storage Platform 5100H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5100h
|
5100H | |
|
Hitachi Virtual Storage Platform 5500H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5500h
|
5500H | |
|
Microsoft Visual Studio 2019 version 16.11 (includes 16.0-16.10)
Microsoft / Visual Studio 2019
|
version 16.11 (includes 16.0-16.10) | ||
|
Microsoft Visual Studio 2019 version 16.4 (includes 16.0-16.3)
Microsoft / Visual Studio 2019
|
version 16.4 (includes 16.0-16.3) | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Microsoft .NET Framework 3.5
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:3.5:-
|
3.5 | |
|
Microsoft .NET Framework 4.8.1
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:4.8.1
|
4.8.1 | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Hitachi Virtual Storage Platform 5600H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5600h
|
5600H | |
|
Hitachi Virtual Storage Platform 5200H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5200h
|
5200H | |
|
Hitachi Virtual Storage Platform 5600
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5600
|
5600 |
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft .NET Framework 4.7.2
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:4.7.2
|
4.7.2 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft .NET Framework 4.8
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:4.8
|
4.8 | |
|
Microsoft Visual Studio 2022 version 17.14
Microsoft / Visual Studio 2022
|
version 17.14 | ||
|
Microsoft Visual Studio 2017 version 15.9 (includes 15.0-15.8)
Microsoft / Visual Studio 2017
|
version 15.9 (includes 15.0-15.8) | ||
|
Microsoft Visual Studio 2022 version 17.12
Microsoft / Visual Studio 2022
|
version 17.12 | ||
|
Microsoft PowerShell 7.5
Microsoft / PowerShell
|
cpe:/a:microsoft:powershell:7.5
|
7.5 | |
|
Microsoft Visual Studio Code CoPilot Chat Extension
Microsoft / Visual Studio Code
|
cpe:/a:microsoft:visual_studio_code:copilot_chat_extension
|
CoPilot Chat Extension | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Microsoft .NET 10.0
Microsoft / .NET
|
cpe:/a:microsoft:.net:10.0
|
10 | |
|
Microsoft .NET 9.0
Microsoft / .NET
|
cpe:/a:microsoft:.net:9.0
|
9 | |
|
Microsoft .NET 8.0
Microsoft / .NET
|
cpe:/a:microsoft:.net:8.0
|
8 | |
|
Microsoft PowerShell 7.4
Microsoft / PowerShell
|
cpe:/a:microsoft:powershell:7.4:rc1
|
7.4 | |
|
Hitachi Virtual Storage Platform 5200
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5200
|
5200 | |
|
Hitachi Virtual Storage Platform 5100
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5100
|
5100 | |
|
Hitachi Virtual Storage Platform 5500
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5500
|
5500 | |
|
Hitachi Virtual Storage Platform 5100H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5100h
|
5100H | |
|
Hitachi Virtual Storage Platform 5500H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5500h
|
5500H | |
|
Microsoft Visual Studio 2019 version 16.11 (includes 16.0-16.10)
Microsoft / Visual Studio 2019
|
version 16.11 (includes 16.0-16.10) | ||
|
Microsoft Visual Studio 2019 version 16.4 (includes 16.0-16.3)
Microsoft / Visual Studio 2019
|
version 16.4 (includes 16.0-16.3) | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Microsoft .NET Framework 3.5
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:3.5:-
|
3.5 | |
|
Microsoft .NET Framework 4.8.1
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:4.8.1
|
4.8.1 | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Hitachi Virtual Storage Platform 5600H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5600h
|
5600H | |
|
Hitachi Virtual Storage Platform 5200H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5200h
|
5200H | |
|
Hitachi Virtual Storage Platform 5600
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5600
|
5600 |
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft .NET Framework 4.7.2
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:4.7.2
|
4.7.2 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft .NET Framework 4.8
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:4.8
|
4.8 | |
|
Microsoft Visual Studio 2022 version 17.14
Microsoft / Visual Studio 2022
|
version 17.14 | ||
|
Microsoft Visual Studio 2017 version 15.9 (includes 15.0-15.8)
Microsoft / Visual Studio 2017
|
version 15.9 (includes 15.0-15.8) | ||
|
Microsoft Visual Studio 2022 version 17.12
Microsoft / Visual Studio 2022
|
version 17.12 | ||
|
Microsoft PowerShell 7.5
Microsoft / PowerShell
|
cpe:/a:microsoft:powershell:7.5
|
7.5 | |
|
Microsoft Visual Studio Code CoPilot Chat Extension
Microsoft / Visual Studio Code
|
cpe:/a:microsoft:visual_studio_code:copilot_chat_extension
|
CoPilot Chat Extension | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Microsoft .NET 10.0
Microsoft / .NET
|
cpe:/a:microsoft:.net:10.0
|
10 | |
|
Microsoft .NET 9.0
Microsoft / .NET
|
cpe:/a:microsoft:.net:9.0
|
9 | |
|
Microsoft .NET 8.0
Microsoft / .NET
|
cpe:/a:microsoft:.net:8.0
|
8 | |
|
Microsoft PowerShell 7.4
Microsoft / PowerShell
|
cpe:/a:microsoft:powershell:7.4:rc1
|
7.4 | |
|
Hitachi Virtual Storage Platform 5200
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5200
|
5200 | |
|
Hitachi Virtual Storage Platform 5100
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5100
|
5100 | |
|
Hitachi Virtual Storage Platform 5500
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5500
|
5500 | |
|
Hitachi Virtual Storage Platform 5100H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5100h
|
5100H | |
|
Hitachi Virtual Storage Platform 5500H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5500h
|
5500H | |
|
Microsoft Visual Studio 2019 version 16.11 (includes 16.0-16.10)
Microsoft / Visual Studio 2019
|
version 16.11 (includes 16.0-16.10) | ||
|
Microsoft Visual Studio 2019 version 16.4 (includes 16.0-16.3)
Microsoft / Visual Studio 2019
|
version 16.4 (includes 16.0-16.3) | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Microsoft .NET Framework 3.5
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:3.5:-
|
3.5 | |
|
Microsoft .NET Framework 4.8.1
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:4.8.1
|
4.8.1 | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Hitachi Virtual Storage Platform 5600H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5600h
|
5600H | |
|
Hitachi Virtual Storage Platform 5200H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5200h
|
5200H | |
|
Hitachi Virtual Storage Platform 5600
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5600
|
5600 |
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft .NET Framework 4.7.2
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:4.7.2
|
4.7.2 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft .NET Framework 4.8
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:4.8
|
4.8 | |
|
Microsoft Visual Studio 2022 version 17.14
Microsoft / Visual Studio 2022
|
version 17.14 | ||
|
Microsoft Visual Studio 2017 version 15.9 (includes 15.0-15.8)
Microsoft / Visual Studio 2017
|
version 15.9 (includes 15.0-15.8) | ||
|
Microsoft Visual Studio 2022 version 17.12
Microsoft / Visual Studio 2022
|
version 17.12 | ||
|
Microsoft PowerShell 7.5
Microsoft / PowerShell
|
cpe:/a:microsoft:powershell:7.5
|
7.5 | |
|
Microsoft Visual Studio Code CoPilot Chat Extension
Microsoft / Visual Studio Code
|
cpe:/a:microsoft:visual_studio_code:copilot_chat_extension
|
CoPilot Chat Extension | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Microsoft .NET 10.0
Microsoft / .NET
|
cpe:/a:microsoft:.net:10.0
|
10 | |
|
Microsoft .NET 9.0
Microsoft / .NET
|
cpe:/a:microsoft:.net:9.0
|
9 | |
|
Microsoft .NET 8.0
Microsoft / .NET
|
cpe:/a:microsoft:.net:8.0
|
8 | |
|
Microsoft PowerShell 7.4
Microsoft / PowerShell
|
cpe:/a:microsoft:powershell:7.4:rc1
|
7.4 | |
|
Hitachi Virtual Storage Platform 5200
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5200
|
5200 | |
|
Hitachi Virtual Storage Platform 5100
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5100
|
5100 | |
|
Hitachi Virtual Storage Platform 5500
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5500
|
5500 | |
|
Hitachi Virtual Storage Platform 5100H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5100h
|
5100H | |
|
Hitachi Virtual Storage Platform 5500H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5500h
|
5500H | |
|
Microsoft Visual Studio 2019 version 16.11 (includes 16.0-16.10)
Microsoft / Visual Studio 2019
|
version 16.11 (includes 16.0-16.10) | ||
|
Microsoft Visual Studio 2019 version 16.4 (includes 16.0-16.3)
Microsoft / Visual Studio 2019
|
version 16.4 (includes 16.0-16.3) | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Microsoft .NET Framework 3.5
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:3.5:-
|
3.5 | |
|
Microsoft .NET Framework 4.8.1
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:4.8.1
|
4.8.1 | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Hitachi Virtual Storage Platform 5600H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5600h
|
5600H | |
|
Hitachi Virtual Storage Platform 5200H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5200h
|
5200H | |
|
Hitachi Virtual Storage Platform 5600
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5600
|
5600 |
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft .NET Framework 4.7.2
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:4.7.2
|
4.7.2 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft .NET Framework 4.8
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:4.8
|
4.8 | |
|
Microsoft Visual Studio 2022 version 17.14
Microsoft / Visual Studio 2022
|
version 17.14 | ||
|
Microsoft Visual Studio 2017 version 15.9 (includes 15.0-15.8)
Microsoft / Visual Studio 2017
|
version 15.9 (includes 15.0-15.8) | ||
|
Microsoft Visual Studio 2022 version 17.12
Microsoft / Visual Studio 2022
|
version 17.12 | ||
|
Microsoft PowerShell 7.5
Microsoft / PowerShell
|
cpe:/a:microsoft:powershell:7.5
|
7.5 | |
|
Microsoft Visual Studio Code CoPilot Chat Extension
Microsoft / Visual Studio Code
|
cpe:/a:microsoft:visual_studio_code:copilot_chat_extension
|
CoPilot Chat Extension | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Microsoft .NET 10.0
Microsoft / .NET
|
cpe:/a:microsoft:.net:10.0
|
10 | |
|
Microsoft .NET 9.0
Microsoft / .NET
|
cpe:/a:microsoft:.net:9.0
|
9 | |
|
Microsoft .NET 8.0
Microsoft / .NET
|
cpe:/a:microsoft:.net:8.0
|
8 | |
|
Microsoft PowerShell 7.4
Microsoft / PowerShell
|
cpe:/a:microsoft:powershell:7.4:rc1
|
7.4 | |
|
Hitachi Virtual Storage Platform 5200
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5200
|
5200 | |
|
Hitachi Virtual Storage Platform 5100
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5100
|
5100 | |
|
Hitachi Virtual Storage Platform 5500
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5500
|
5500 | |
|
Hitachi Virtual Storage Platform 5100H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5100h
|
5100H | |
|
Hitachi Virtual Storage Platform 5500H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5500h
|
5500H | |
|
Microsoft Visual Studio 2019 version 16.11 (includes 16.0-16.10)
Microsoft / Visual Studio 2019
|
version 16.11 (includes 16.0-16.10) | ||
|
Microsoft Visual Studio 2019 version 16.4 (includes 16.0-16.3)
Microsoft / Visual Studio 2019
|
version 16.4 (includes 16.0-16.3) | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Microsoft .NET Framework 3.5
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:3.5:-
|
3.5 | |
|
Microsoft .NET Framework 4.8.1
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:4.8.1
|
4.8.1 | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Hitachi Virtual Storage Platform 5600H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5600h
|
5600H | |
|
Hitachi Virtual Storage Platform 5200H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5200h
|
5200H | |
|
Hitachi Virtual Storage Platform 5600
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5600
|
5600 |
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft .NET Framework 4.7.2
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:4.7.2
|
4.7.2 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft .NET Framework 4.8
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:4.8
|
4.8 | |
|
Microsoft Visual Studio 2022 version 17.14
Microsoft / Visual Studio 2022
|
version 17.14 | ||
|
Microsoft Visual Studio 2017 version 15.9 (includes 15.0-15.8)
Microsoft / Visual Studio 2017
|
version 15.9 (includes 15.0-15.8) | ||
|
Microsoft Visual Studio 2022 version 17.12
Microsoft / Visual Studio 2022
|
version 17.12 | ||
|
Microsoft PowerShell 7.5
Microsoft / PowerShell
|
cpe:/a:microsoft:powershell:7.5
|
7.5 | |
|
Microsoft Visual Studio Code CoPilot Chat Extension
Microsoft / Visual Studio Code
|
cpe:/a:microsoft:visual_studio_code:copilot_chat_extension
|
CoPilot Chat Extension | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Microsoft .NET 10.0
Microsoft / .NET
|
cpe:/a:microsoft:.net:10.0
|
10 | |
|
Microsoft .NET 9.0
Microsoft / .NET
|
cpe:/a:microsoft:.net:9.0
|
9 | |
|
Microsoft .NET 8.0
Microsoft / .NET
|
cpe:/a:microsoft:.net:8.0
|
8 | |
|
Microsoft PowerShell 7.4
Microsoft / PowerShell
|
cpe:/a:microsoft:powershell:7.4:rc1
|
7.4 | |
|
Hitachi Virtual Storage Platform 5200
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5200
|
5200 | |
|
Hitachi Virtual Storage Platform 5100
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5100
|
5100 | |
|
Hitachi Virtual Storage Platform 5500
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5500
|
5500 | |
|
Hitachi Virtual Storage Platform 5100H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5100h
|
5100H | |
|
Hitachi Virtual Storage Platform 5500H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5500h
|
5500H | |
|
Microsoft Visual Studio 2019 version 16.11 (includes 16.0-16.10)
Microsoft / Visual Studio 2019
|
version 16.11 (includes 16.0-16.10) | ||
|
Microsoft Visual Studio 2019 version 16.4 (includes 16.0-16.3)
Microsoft / Visual Studio 2019
|
version 16.4 (includes 16.0-16.3) | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Microsoft .NET Framework 3.5
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:3.5:-
|
3.5 | |
|
Microsoft .NET Framework 4.8.1
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:4.8.1
|
4.8.1 | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Hitachi Virtual Storage Platform 5600H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5600h
|
5600H | |
|
Hitachi Virtual Storage Platform 5200H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5200h
|
5200H | |
|
Hitachi Virtual Storage Platform 5600
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5600
|
5600 |
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft .NET Framework 4.7.2
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:4.7.2
|
4.7.2 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft .NET Framework 4.8
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:4.8
|
4.8 | |
|
Microsoft Visual Studio 2022 version 17.14
Microsoft / Visual Studio 2022
|
version 17.14 | ||
|
Microsoft Visual Studio 2017 version 15.9 (includes 15.0-15.8)
Microsoft / Visual Studio 2017
|
version 15.9 (includes 15.0-15.8) | ||
|
Microsoft Visual Studio 2022 version 17.12
Microsoft / Visual Studio 2022
|
version 17.12 | ||
|
Microsoft PowerShell 7.5
Microsoft / PowerShell
|
cpe:/a:microsoft:powershell:7.5
|
7.5 | |
|
Microsoft Visual Studio Code CoPilot Chat Extension
Microsoft / Visual Studio Code
|
cpe:/a:microsoft:visual_studio_code:copilot_chat_extension
|
CoPilot Chat Extension | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Microsoft .NET 10.0
Microsoft / .NET
|
cpe:/a:microsoft:.net:10.0
|
10 | |
|
Microsoft .NET 9.0
Microsoft / .NET
|
cpe:/a:microsoft:.net:9.0
|
9 | |
|
Microsoft .NET 8.0
Microsoft / .NET
|
cpe:/a:microsoft:.net:8.0
|
8 | |
|
Microsoft PowerShell 7.4
Microsoft / PowerShell
|
cpe:/a:microsoft:powershell:7.4:rc1
|
7.4 | |
|
Hitachi Virtual Storage Platform 5200
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5200
|
5200 | |
|
Hitachi Virtual Storage Platform 5100
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5100
|
5100 | |
|
Hitachi Virtual Storage Platform 5500
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5500
|
5500 | |
|
Hitachi Virtual Storage Platform 5100H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5100h
|
5100H | |
|
Hitachi Virtual Storage Platform 5500H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5500h
|
5500H | |
|
Microsoft Visual Studio 2019 version 16.11 (includes 16.0-16.10)
Microsoft / Visual Studio 2019
|
version 16.11 (includes 16.0-16.10) | ||
|
Microsoft Visual Studio 2019 version 16.4 (includes 16.0-16.3)
Microsoft / Visual Studio 2019
|
version 16.4 (includes 16.0-16.3) | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Microsoft .NET Framework 3.5
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:3.5:-
|
3.5 | |
|
Microsoft .NET Framework 4.8.1
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:4.8.1
|
4.8.1 | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Hitachi Virtual Storage Platform 5600H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5600h
|
5600H | |
|
Hitachi Virtual Storage Platform 5200H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5200h
|
5200H | |
|
Hitachi Virtual Storage Platform 5600
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5600
|
5600 |
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft .NET Framework 4.7.2
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:4.7.2
|
4.7.2 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft .NET Framework 4.8
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:4.8
|
4.8 | |
|
Microsoft Visual Studio 2022 version 17.14
Microsoft / Visual Studio 2022
|
version 17.14 | ||
|
Microsoft Visual Studio 2017 version 15.9 (includes 15.0-15.8)
Microsoft / Visual Studio 2017
|
version 15.9 (includes 15.0-15.8) | ||
|
Microsoft Visual Studio 2022 version 17.12
Microsoft / Visual Studio 2022
|
version 17.12 | ||
|
Microsoft PowerShell 7.5
Microsoft / PowerShell
|
cpe:/a:microsoft:powershell:7.5
|
7.5 | |
|
Microsoft Visual Studio Code CoPilot Chat Extension
Microsoft / Visual Studio Code
|
cpe:/a:microsoft:visual_studio_code:copilot_chat_extension
|
CoPilot Chat Extension | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Microsoft .NET 10.0
Microsoft / .NET
|
cpe:/a:microsoft:.net:10.0
|
10 | |
|
Microsoft .NET 9.0
Microsoft / .NET
|
cpe:/a:microsoft:.net:9.0
|
9 | |
|
Microsoft .NET 8.0
Microsoft / .NET
|
cpe:/a:microsoft:.net:8.0
|
8 | |
|
Microsoft PowerShell 7.4
Microsoft / PowerShell
|
cpe:/a:microsoft:powershell:7.4:rc1
|
7.4 | |
|
Hitachi Virtual Storage Platform 5200
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5200
|
5200 | |
|
Hitachi Virtual Storage Platform 5100
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5100
|
5100 | |
|
Hitachi Virtual Storage Platform 5500
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5500
|
5500 | |
|
Hitachi Virtual Storage Platform 5100H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5100h
|
5100H | |
|
Hitachi Virtual Storage Platform 5500H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5500h
|
5500H | |
|
Microsoft Visual Studio 2019 version 16.11 (includes 16.0-16.10)
Microsoft / Visual Studio 2019
|
version 16.11 (includes 16.0-16.10) | ||
|
Microsoft Visual Studio 2019 version 16.4 (includes 16.0-16.3)
Microsoft / Visual Studio 2019
|
version 16.4 (includes 16.0-16.3) | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Microsoft .NET Framework 3.5
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:3.5:-
|
3.5 | |
|
Microsoft .NET Framework 4.8.1
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:4.8.1
|
4.8.1 | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Hitachi Virtual Storage Platform 5600H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5600h
|
5600H | |
|
Hitachi Virtual Storage Platform 5200H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5200h
|
5200H | |
|
Hitachi Virtual Storage Platform 5600
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5600
|
5600 |
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft .NET Framework 4.7.2
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:4.7.2
|
4.7.2 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft .NET Framework 4.8
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:4.8
|
4.8 | |
|
Microsoft Visual Studio 2022 version 17.14
Microsoft / Visual Studio 2022
|
version 17.14 | ||
|
Microsoft Visual Studio 2017 version 15.9 (includes 15.0-15.8)
Microsoft / Visual Studio 2017
|
version 15.9 (includes 15.0-15.8) | ||
|
Microsoft Visual Studio 2022 version 17.12
Microsoft / Visual Studio 2022
|
version 17.12 | ||
|
Microsoft PowerShell 7.5
Microsoft / PowerShell
|
cpe:/a:microsoft:powershell:7.5
|
7.5 | |
|
Microsoft Visual Studio Code CoPilot Chat Extension
Microsoft / Visual Studio Code
|
cpe:/a:microsoft:visual_studio_code:copilot_chat_extension
|
CoPilot Chat Extension | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Microsoft .NET 10.0
Microsoft / .NET
|
cpe:/a:microsoft:.net:10.0
|
10 | |
|
Microsoft .NET 9.0
Microsoft / .NET
|
cpe:/a:microsoft:.net:9.0
|
9 | |
|
Microsoft .NET 8.0
Microsoft / .NET
|
cpe:/a:microsoft:.net:8.0
|
8 | |
|
Microsoft PowerShell 7.4
Microsoft / PowerShell
|
cpe:/a:microsoft:powershell:7.4:rc1
|
7.4 | |
|
Hitachi Virtual Storage Platform 5200
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5200
|
5200 | |
|
Hitachi Virtual Storage Platform 5100
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5100
|
5100 | |
|
Hitachi Virtual Storage Platform 5500
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5500
|
5500 | |
|
Hitachi Virtual Storage Platform 5100H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5100h
|
5100H | |
|
Hitachi Virtual Storage Platform 5500H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5500h
|
5500H | |
|
Microsoft Visual Studio 2019 version 16.11 (includes 16.0-16.10)
Microsoft / Visual Studio 2019
|
version 16.11 (includes 16.0-16.10) | ||
|
Microsoft Visual Studio 2019 version 16.4 (includes 16.0-16.3)
Microsoft / Visual Studio 2019
|
version 16.4 (includes 16.0-16.3) | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Microsoft .NET Framework 3.5
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:3.5:-
|
3.5 | |
|
Microsoft .NET Framework 4.8.1
Microsoft / .NET Framework
|
cpe:/a:microsoft:.net_framework:4.8.1
|
4.8.1 | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Hitachi Virtual Storage Platform 5600H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5600h
|
5600H | |
|
Hitachi Virtual Storage Platform 5200H
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5200h
|
5200H | |
|
Hitachi Virtual Storage Platform 5600
Hitachi / Virtual Storage Platform
|
cpe:/h:hitachi:virtual_storage_platform:5600
|
5600 |
References
48 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Microsoft Visual Studio ist eine integrierte Entwicklungsumgebung f\u00fcr Hochsprachen.\r\nMicrosoft .NET Framework ist eine Komponente des Microsoft Windows-Betriebssystems, das die Erstellung und Ausf\u00fchrung von Softwareanwendungen und Webdiensten erm\u00f6glicht. Es beinhaltet sowohl eine Laufzeitumgebung als auch ein Framework von Klassenbibliotheken (APIs), u. a. f\u00fcr die Programmiersprache ASP (ASP.NET), den Datenzugriff (ADO.NET), intelligente Clientanwendungen (Windows Forms) und weitere.\r\nMicrosoft .NET ist ein Software-Framework f\u00fcr die Entwicklung und Ausf\u00fchrung von Anwendungen.\r\nPowerShell ist ein plattform\u00fcbergreifendes Framework von Microsoft zur Automatisierung, Konfiguration und Verwaltung von Systemen, das einen Kommandozeileninterpreter inklusive Skriptsprache bietet. \r\nVisual Studio Code ist ein Quelltext-Editor von Microsoft.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Microsoft Visual Studio, Microsoft .NET Framework, Microsoft .NET, Microsoft PowerShell und Microsoft Visual Studio Code ausnutzen, um vertrauliche Informationen offenzulegen, Spoofing-Angriffe durchzuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren oder Sicherheitsma\u00dfnahmen zu umgehen, was m\u00f6glicherweise die Ausf\u00fchrung von beliebigem Code erm\u00f6glicht.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1100 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1100.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1100 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1100"
},
{
"category": "external",
"summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates",
"url": "https://msrc.microsoft.com/update-guide/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:8471 vom 2026-04-16",
"url": "https://access.redhat.com/errata/RHSA-2026:8471"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:8470 vom 2026-04-16",
"url": "https://access.redhat.com/errata/RHSA-2026:8470"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:8469 vom 2026-04-16",
"url": "https://access.redhat.com/errata/RHSA-2026:8469"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:8468 vom 2026-04-16",
"url": "https://access.redhat.com/errata/RHSA-2026:8468"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:8467 vom 2026-04-16",
"url": "https://access.redhat.com/errata/RHSA-2026:8467"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8176-1 vom 2026-04-16",
"url": "https://ubuntu.com/security/notices/USN-8176-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:8475 vom 2026-04-16",
"url": "https://access.redhat.com/errata/RHSA-2026:8475"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:8474 vom 2026-04-16",
"url": "https://access.redhat.com/errata/RHSA-2026:8474"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:8473 vom 2026-04-16",
"url": "https://access.redhat.com/errata/RHSA-2026:8473"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:8472 vom 2026-04-16",
"url": "https://access.redhat.com/errata/RHSA-2026:8472"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-8470 vom 2026-04-17",
"url": "https://linux.oracle.com/errata/ELSA-2026-8470.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-8472 vom 2026-04-17",
"url": "https://linux.oracle.com/errata/ELSA-2026-8472.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-8467 vom 2026-04-17",
"url": "https://linux.oracle.com/errata/ELSA-2026-8467.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-8474 vom 2026-04-17",
"url": "https://linux.oracle.com/errata/ELSA-2026-8474.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-8471 vom 2026-04-17",
"url": "https://linux.oracle.com/errata/ELSA-2026-8471.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-8473 vom 2026-04-19",
"url": "http://linux.oracle.com/errata/ELSA-2026-8473.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:8471 vom 2026-04-19",
"url": "https://errata.build.resf.org/RLSA-2026:8471"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:8470 vom 2026-04-18",
"url": "https://errata.build.resf.org/RLSA-2026:8470"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:8469 vom 2026-04-19",
"url": "https://errata.build.resf.org/RLSA-2026:8469"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:8473 vom 2026-04-18",
"url": "https://errata.build.resf.org/RLSA-2026:8473"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:8467 vom 2026-04-18",
"url": "https://errata.build.resf.org/RLSA-2026:8467"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:8468 vom 2026-04-18",
"url": "https://errata.build.resf.org/RLSA-2026:8468"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:8472 vom 2026-04-18",
"url": "https://errata.build.resf.org/RLSA-2026:8472"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:8474 vom 2026-04-19",
"url": "https://errata.build.resf.org/RLSA-2026:8474"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:8475 vom 2026-04-18",
"url": "https://errata.build.resf.org/RLSA-2026:8475"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-8475 vom 2026-04-19",
"url": "http://linux.oracle.com/errata/ELSA-2026-8475.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-8468 vom 2026-04-20",
"url": "https://linux.oracle.com/errata/ELSA-2026-8468.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-8469 vom 2026-04-20",
"url": "https://linux.oracle.com/errata/ELSA-2026-8469.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-A1302C450C vom 2026-04-21",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-a1302c450c"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-AC43E01AF9 vom 2026-04-21",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-ac43e01af9"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-AD17A2DB6C vom 2026-04-21",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-ad17a2db6c"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-E1D2833798 vom 2026-04-21",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-e1d2833798"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-EADD724963 vom 2026-04-21",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-eadd724963"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-EDCA75E401 vom 2026-04-21",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-edca75e401"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-FC2112CDD4 vom 2026-04-21",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-fc2112cdd4"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-02B2A30C02 vom 2026-04-21",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-02b2a30c02"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-97FBAAEF10 vom 2026-04-21",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-97fbaaef10"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:9077 vom 2026-04-27",
"url": "https://access.redhat.com/errata/RHSA-2026:9077"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8216-1 vom 2026-04-28",
"url": "https://ubuntu.com/security/notices/USN-8216-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:13283 vom 2026-05-04",
"url": "https://access.redhat.com/errata/RHSA-2026:13283"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:13281 vom 2026-05-04",
"url": "https://access.redhat.com/errata/RHSA-2026:13281"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:13280 vom 2026-05-04",
"url": "https://access.redhat.com/errata/RHSA-2026:13280"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:13282 vom 2026-05-04",
"url": "https://access.redhat.com/errata/RHSA-2026:13282"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:13693 vom 2026-05-05",
"url": "https://access.redhat.com/errata/RHSA-2026:13693"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2026-311 vom 2026-05-27",
"url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/04.html"
}
],
"source_lang": "en-US",
"title": "Microsoft DeveloperTools: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-05-26T22:00:00.000+00:00",
"generator": {
"date": "2026-05-27T08:52:42.319+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1100",
"initial_release_date": "2026-04-14T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-04-14T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-04-15T22:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: EUVD-2026-22991"
},
{
"date": "2026-04-16T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat und Ubuntu aufgenommen"
},
{
"date": "2026-04-19T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Oracle Linux und Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2026-04-20T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-04-21T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2026-04-27T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-04-28T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2026-05-03T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-04T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-26T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von HITACHI aufgenommen"
}
],
"status": "final",
"version": "11"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "5100",
"product": {
"name": "Hitachi Virtual Storage Platform 5100",
"product_id": "T017180",
"product_identification_helper": {
"cpe": "cpe:/h:hitachi:virtual_storage_platform:5100"
}
}
},
{
"category": "product_version",
"name": "5500",
"product": {
"name": "Hitachi Virtual Storage Platform 5500",
"product_id": "T017181",
"product_identification_helper": {
"cpe": "cpe:/h:hitachi:virtual_storage_platform:5500"
}
}
},
{
"category": "product_version",
"name": "5100H",
"product": {
"name": "Hitachi Virtual Storage Platform 5100H",
"product_id": "T017182",
"product_identification_helper": {
"cpe": "cpe:/h:hitachi:virtual_storage_platform:5100h"
}
}
},
{
"category": "product_version",
"name": "5500H",
"product": {
"name": "Hitachi Virtual Storage Platform 5500H",
"product_id": "T017183",
"product_identification_helper": {
"cpe": "cpe:/h:hitachi:virtual_storage_platform:5500h"
}
}
},
{
"category": "product_version",
"name": "5200",
"product": {
"name": "Hitachi Virtual Storage Platform 5200",
"product_id": "T047075",
"product_identification_helper": {
"cpe": "cpe:/h:hitachi:virtual_storage_platform:5200"
}
}
},
{
"category": "product_version",
"name": "5200H",
"product": {
"name": "Hitachi Virtual Storage Platform 5200H",
"product_id": "T047076",
"product_identification_helper": {
"cpe": "cpe:/h:hitachi:virtual_storage_platform:5200h"
}
}
},
{
"category": "product_version",
"name": "5600",
"product": {
"name": "Hitachi Virtual Storage Platform 5600",
"product_id": "T047077",
"product_identification_helper": {
"cpe": "cpe:/h:hitachi:virtual_storage_platform:5600"
}
}
},
{
"category": "product_version",
"name": "5600H",
"product": {
"name": "Hitachi Virtual Storage Platform 5600H",
"product_id": "T047078",
"product_identification_helper": {
"cpe": "cpe:/h:hitachi:virtual_storage_platform:5600h"
}
}
}
],
"category": "product_name",
"name": "Virtual Storage Platform"
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "10",
"product": {
"name": "Microsoft .NET 10.0",
"product_id": "T051615",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:.net:10.0"
}
}
},
{
"category": "product_version",
"name": "9",
"product": {
"name": "Microsoft .NET 9.0",
"product_id": "T051616",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:.net:9.0"
}
}
},
{
"category": "product_version",
"name": "8",
"product": {
"name": "Microsoft .NET 8.0",
"product_id": "T052749",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:.net:8.0"
}
}
}
],
"category": "product_name",
"name": ".NET"
},
{
"branches": [
{
"category": "product_version",
"name": "4.8.1",
"product": {
"name": "Microsoft .NET Framework 4.8.1",
"product_id": "1273212",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:.net_framework:4.8.1"
}
}
},
{
"category": "product_version",
"name": "4.7.2",
"product": {
"name": "Microsoft .NET Framework 4.7.2",
"product_id": "432556",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:.net_framework:4.7.2"
}
}
},
{
"category": "product_version",
"name": "4.8",
"product": {
"name": "Microsoft .NET Framework 4.8",
"product_id": "432557",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:.net_framework:4.8"
}
}
},
{
"category": "product_version",
"name": "3.5",
"product": {
"name": "Microsoft .NET Framework 3.5",
"product_id": "834793",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:.net_framework:3.5:-"
}
}
}
],
"category": "product_name",
"name": ".NET Framework"
},
{
"branches": [
{
"category": "product_version",
"name": "7.4",
"product": {
"name": "Microsoft PowerShell 7.4",
"product_id": "1809886",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:powershell:7.4:rc1"
}
}
},
{
"category": "product_version",
"name": "7.5",
"product": {
"name": "Microsoft PowerShell 7.5",
"product_id": "T052775",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:powershell:7.5"
}
}
}
],
"category": "product_name",
"name": "PowerShell"
},
{
"branches": [
{
"category": "product_version_range",
"name": "version 15.9 (includes 15.0-15.8)",
"product": {
"name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0-15.8)",
"product_id": "T052756"
}
}
],
"category": "product_name",
"name": "Visual Studio 2017"
},
{
"branches": [
{
"category": "product_version_range",
"name": "version 16.11 (includes 16.0-16.10)",
"product": {
"name": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0-16.10)",
"product_id": "T052786"
}
},
{
"category": "product_version_range",
"name": "version 16.4 (includes 16.0-16.3)",
"product": {
"name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0-16.3)",
"product_id": "T052787"
}
}
],
"category": "product_name",
"name": "Visual Studio 2019"
},
{
"branches": [
{
"category": "product_version_range",
"name": "version 17.14",
"product": {
"name": "Microsoft Visual Studio 2022 version 17.14",
"product_id": "T052777"
}
},
{
"category": "product_version_range",
"name": "version 17.12",
"product": {
"name": "Microsoft Visual Studio 2022 version 17.12",
"product_id": "T052778"
}
}
],
"category": "product_name",
"name": "Visual Studio 2022"
},
{
"branches": [
{
"category": "product_version",
"name": "CoPilot Chat Extension",
"product": {
"name": "Microsoft Visual Studio Code CoPilot Chat Extension",
"product_id": "T052776",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:visual_studio_code:copilot_chat_extension"
}
}
}
],
"category": "product_name",
"name": "Visual Studio Code"
}
],
"category": "vendor",
"name": "Microsoft"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-21637",
"product_status": {
"known_affected": [
"432556",
"67646",
"432557",
"T052777",
"T052756",
"T052778",
"T052775",
"T052776",
"T004914",
"T051615",
"T051616",
"T052749",
"1809886",
"T047075",
"T017180",
"T017181",
"T017182",
"T017183",
"T052786",
"T052787",
"T032255",
"74185",
"834793",
"1273212",
"T000126",
"T047078",
"T047076",
"T047077"
]
},
"release_date": "2026-04-14T22:00:00.000+00:00",
"title": "CVE-2026-21637"
},
{
"cve": "CVE-2026-23653",
"product_status": {
"known_affected": [
"432556",
"67646",
"432557",
"T052777",
"T052756",
"T052778",
"T052775",
"T052776",
"T004914",
"T051615",
"T051616",
"T052749",
"1809886",
"T047075",
"T017180",
"T017181",
"T017182",
"T017183",
"T052786",
"T052787",
"T032255",
"74185",
"834793",
"1273212",
"T000126",
"T047078",
"T047076",
"T047077"
]
},
"release_date": "2026-04-14T22:00:00.000+00:00",
"title": "CVE-2026-23653"
},
{
"cve": "CVE-2026-23666",
"product_status": {
"known_affected": [
"432556",
"67646",
"432557",
"T052777",
"T052756",
"T052778",
"T052775",
"T052776",
"T004914",
"T051615",
"T051616",
"T052749",
"1809886",
"T047075",
"T017180",
"T017181",
"T017182",
"T017183",
"T052786",
"T052787",
"T032255",
"74185",
"834793",
"1273212",
"T000126",
"T047078",
"T047076",
"T047077"
]
},
"release_date": "2026-04-14T22:00:00.000+00:00",
"title": "CVE-2026-23666"
},
{
"cve": "CVE-2026-26143",
"product_status": {
"known_affected": [
"432556",
"67646",
"432557",
"T052777",
"T052756",
"T052778",
"T052775",
"T052776",
"T004914",
"T051615",
"T051616",
"T052749",
"1809886",
"T047075",
"T017180",
"T017181",
"T017182",
"T017183",
"T052786",
"T052787",
"T032255",
"74185",
"834793",
"1273212",
"T000126",
"T047078",
"T047076",
"T047077"
]
},
"release_date": "2026-04-14T22:00:00.000+00:00",
"title": "CVE-2026-26143"
},
{
"cve": "CVE-2026-26171",
"product_status": {
"known_affected": [
"432556",
"67646",
"432557",
"T052777",
"T052756",
"T052778",
"T052775",
"T052776",
"T004914",
"T051615",
"T051616",
"T052749",
"1809886",
"T047075",
"T017180",
"T017181",
"T017182",
"T017183",
"T052786",
"T052787",
"T032255",
"74185",
"834793",
"1273212",
"T000126",
"T047078",
"T047076",
"T047077"
]
},
"release_date": "2026-04-14T22:00:00.000+00:00",
"title": "CVE-2026-26171"
},
{
"cve": "CVE-2026-32178",
"product_status": {
"known_affected": [
"432556",
"67646",
"432557",
"T052777",
"T052756",
"T052778",
"T052775",
"T052776",
"T004914",
"T051615",
"T051616",
"T052749",
"1809886",
"T047075",
"T017180",
"T017181",
"T017182",
"T017183",
"T052786",
"T052787",
"T032255",
"74185",
"834793",
"1273212",
"T000126",
"T047078",
"T047076",
"T047077"
]
},
"release_date": "2026-04-14T22:00:00.000+00:00",
"title": "CVE-2026-32178"
},
{
"cve": "CVE-2026-32203",
"product_status": {
"known_affected": [
"432556",
"67646",
"432557",
"T052777",
"T052756",
"T052778",
"T052775",
"T052776",
"T004914",
"T051615",
"T051616",
"T052749",
"1809886",
"T047075",
"T017180",
"T017181",
"T017182",
"T017183",
"T052786",
"T052787",
"T032255",
"74185",
"834793",
"1273212",
"T000126",
"T047078",
"T047076",
"T047077"
]
},
"release_date": "2026-04-14T22:00:00.000+00:00",
"title": "CVE-2026-32203"
},
{
"cve": "CVE-2026-32226",
"product_status": {
"known_affected": [
"432556",
"67646",
"432557",
"T052777",
"T052756",
"T052778",
"T052775",
"T052776",
"T004914",
"T051615",
"T051616",
"T052749",
"1809886",
"T047075",
"T017180",
"T017181",
"T017182",
"T017183",
"T052786",
"T052787",
"T032255",
"74185",
"834793",
"1273212",
"T000126",
"T047078",
"T047076",
"T047077"
]
},
"release_date": "2026-04-14T22:00:00.000+00:00",
"title": "CVE-2026-32226"
},
{
"cve": "CVE-2026-32631",
"product_status": {
"known_affected": [
"432556",
"67646",
"432557",
"T052777",
"T052756",
"T052778",
"T052775",
"T052776",
"T004914",
"T051615",
"T051616",
"T052749",
"1809886",
"T047075",
"T017180",
"T017181",
"T017182",
"T017183",
"T052786",
"T052787",
"T032255",
"74185",
"834793",
"1273212",
"T000126",
"T047078",
"T047076",
"T047077"
]
},
"release_date": "2026-04-14T22:00:00.000+00:00",
"title": "CVE-2026-32631"
},
{
"cve": "CVE-2026-33116",
"product_status": {
"known_affected": [
"432556",
"67646",
"432557",
"T052777",
"T052756",
"T052778",
"T052775",
"T052776",
"T004914",
"T051615",
"T051616",
"T052749",
"1809886",
"T047075",
"T017180",
"T017181",
"T017182",
"T017183",
"T052786",
"T052787",
"T032255",
"74185",
"834793",
"1273212",
"T000126",
"T047078",
"T047076",
"T047077"
]
},
"release_date": "2026-04-14T22:00:00.000+00:00",
"title": "CVE-2026-33116"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…