High severity7.5NVD Advisory· Published Jan 10, 2018· Updated Jun 17, 2026
CVE-2018-0786
CVE-2018-0786
Description
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
Microsoft.NETCore.UniversalWindowsPlatformNuGet | >= 5.2.0, < 5.2.4 | 5.2.4 |
Microsoft.NETCore.UniversalWindowsPlatformNuGet | >= 5.3.0, < 5.3.5 | 5.3.5 |
Microsoft.NETCore.UniversalWindowsPlatformNuGet | >= 5.4.0, < 5.4.2 | 5.4.2 |
Microsoft.NETCore.UniversalWindowsPlatformNuGet | >= 6.0.0, < 6.0.6 | 6.0.6 |
System.ServiceModel.PrimitivesNuGet | >= 4.4.0, < 4.4.1 | 4.4.1 |
System.ServiceModel.PrimitivesNuGet | >= 4.3.0, < 4.3.1 | 4.3.1 |
System.ServiceModel.PrimitivesNuGet | >= 4.1.0, < 4.1.1 | 4.1.1 |
System.ServiceModel.HttpNuGet | >= 4.4.0, < 4.4.1 | 4.4.1 |
System.ServiceModel.HttpNuGet | >= 4.3.0, < 4.3.1 | 4.3.1 |
System.ServiceModel.HttpNuGet | >= 4.1.0, < 4.1.1 | 4.1.1 |
System.ServiceModel.NetTcpNuGet | >= 4.4.0, < 4.4.1 | 4.4.1 |
System.ServiceModel.NetTcpNuGet | >= 4.3.0, < 4.3.1 | 4.3.1 |
System.ServiceModel.NetTcpNuGet | >= 4.1.0, < 4.1.1 | 4.1.1 |
System.ServiceModel.DuplexNuGet | >= 4.4.0, < 4.4.1 | 4.4.1 |
System.ServiceModel.DuplexNuGet | >= 4.3.0, < 4.3.1 | 4.3.1 |
System.ServiceModel.DuplexNuGet | >= 4.0.1, < 4.0.2 | 4.0.2 |
System.ServiceModel.SecurityNuGet | >= 4.4.0, < 4.4.1 | 4.4.1 |
System.ServiceModel.SecurityNuGet | >= 4.3.0, < 4.3.1 | 4.3.1 |
System.ServiceModel.SecurityNuGet | >= 4.0.1, < 4.0.2 | 4.0.2 |
System.Private.ServiceModelNuGet | >= 4.4.0, < 4.4.1 | 4.4.1 |
System.Private.ServiceModelNuGet | >= 4.3.0, < 4.3.1 | 4.3.1 |
System.Private.ServiceModelNuGet | >= 4.1.0, < 4.1.1 | 4.1.1 |
Affected products
8- ghsa-coords7 versionspkg:nuget/microsoft.netcore.universalwindowsplatformpkg:nuget/system.private.servicemodelpkg:nuget/system.servicemodel.duplexpkg:nuget/system.servicemodel.httppkg:nuget/system.servicemodel.nettcppkg:nuget/system.servicemodel.primitivespkg:nuget/system.servicemodel.security
>= 5.2.0, < 5.2.4+ 6 more
- (no CPE)range: >= 5.2.0, < 5.2.4
- (no CPE)range: >= 4.4.0, < 4.4.1
- (no CPE)range: >= 4.4.0, < 4.4.1
- (no CPE)range: >= 4.4.0, < 4.4.1
- (no CPE)range: >= 4.4.0, < 4.4.1
- (no CPE)range: >= 4.4.0, < 4.4.1
- (no CPE)range: >= 4.4.0, < 4.4.1
- Microsoft Corporation/.NET Framework, .NET Core, and PowerShell Corev5Range: Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, PowerShell Core 6.0.0
Patches
Vulnerability mechanics
References
8- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786nvdPatchVendor AdvisoryWEB
- www.securityfocus.com/bid/102380nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1040152nvdThird Party AdvisoryVDB Entry
- github.com/advisories/GHSA-jc8g-xhw5-6x46ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-0786ghsaADVISORY
- github.com/dotnet/announcements/issues/51ghsaWEB
- github.com/github/advisory-database/issues/302ghsaWEB
- www.nuget.org/packages/System.ServiceModel.DuplexghsaWEB
News mentions
0No linked articles in our index yet.