CVE-2018-0786
Description
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Microsoft .NET and .NET Core fail to properly validate Enhanced Key Usage in X.509 certificates, allowing a security feature bypass that could enable spoofing attacks.
Vulnerability
A security feature bypass vulnerability exists in .NET certificate validation due to improper checking of Enhanced Key Usage (EKU) attributes. Affected products include Microsoft .NET Framework 2.0 SP2 through 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0. For .NET Core, the vulnerable packages are System.ServiceModel.* versions 4.3.0 (1.x) and 4.4.0 (2.0). [3][4]
Exploitation
An attacker who is positioned on the network to present a certificate can supply one that is marked invalid for the intended use (e.g., a code signing certificate used for server authentication). The affected component accepts the certificate without validating the EKU, bypassing the security feature. [3]
Impact
Successful exploitation allows the attacker to use a certificate for an unintended purpose, potentially enabling spoofing or other attacks that rely on improper certificate usage. This is a security feature bypass. [3][4]
Mitigation
For .NET Core, update affected NuGet packages to versions 4.3.1 (1.x) and 4.4.1 (2.0) and ensure runtimes are at least 1.0.9, 1.1.6, or 2.0.5. For .NET Framework, apply the January 2018 security updates as part of Microsoft's Patch Tuesday. PowerShell Core 6.0.0 users should update to a later version. [3][4]
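The EKU check described above can also be made explicit in application code as a defense-in-depth measure alongside the updates. The following is an added example, not code from Microsoft or from the advisory. `EkuCheck`, `HasEku`, `ValidateServerCertificate` and `allowMissingEku` are hypothetical names, and it assumes .NET Framework 4.6+ or .NET Core, where `X509Chain` is disposable.

```csharp
using System.Linq;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example (hypothetical helper): reject a server certificate whose
// Enhanced Key Usage does not permit server authentication.
public static class EkuCheck
{
    public const string ServerAuthOid = "1.3.6.1.5.5.7.3.1"; // id-kp-serverAuth

    // True when the certificate's EKU extension lists requiredOid.
    // Under RFC 5280 a certificate with no EKU extension is unrestricted;
    // allowMissingEku decides whether local policy accepts that case.
    public static bool HasEku(X509Certificate2 cert, string requiredOid,
                              bool allowMissingEku = false)
    {
        var ekus = cert.Extensions.OfType<X509EnhancedKeyUsageExtension>().ToList();
        if (ekus.Count == 0) return allowMissingEku;
        return ekus.SelectMany(e => e.EnhancedKeyUsages.Cast<Oid>())
                   .Any(o => o.Value == requiredOid);
    }

    // Signature matches RemoteCertificateValidationCallback, so it can be
    // passed to SslStream or ServicePointManager.
    public static bool ValidateServerCertificate(object sender,
        X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)
    {
        if (certificate == null || errors != SslPolicyErrors.None) return false;
        var cert = new X509Certificate2(certificate);
        if (!HasEku(cert, ServerAuthOid)) return false;

        // Rebuild the chain with an application policy so the platform
        // chain engine enforces the same EKU requirement.
        using (var strict = new X509Chain())
        {
            strict.ChainPolicy.ApplicationPolicy.Add(new Oid(ServerAuthOid));
            if (chain != null)
                foreach (X509ChainElement el in chain.ChainElements)
                    strict.ChainPolicy.ExtraStore.Add(el.Certificate);
            return strict.Build(cert);
        }
    }
}
```

With the default `allowMissingEku = false`, a code signing certificate and a certificate with no EKU extension are both rejected for server authentication.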
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| Microsoft.NETCore.UniversalWindowsPlatform (NuGet) | >= 5.2.0, < 5.2.4 | 5.2.4 |
| Microsoft.NETCore.UniversalWindowsPlatform (NuGet) | >= 5.3.0, < 5.3.5 | 5.3.5 |
| Microsoft.NETCore.UniversalWindowsPlatform (NuGet) | >= 5.4.0, < 5.4.2 | 5.4.2 |
| Microsoft.NETCore.UniversalWindowsPlatform (NuGet) | >= 6.0.0, < 6.0.6 | 6.0.6 |
| System.ServiceModel.Primitives (NuGet) | >= 4.4.0, < 4.4.1 | 4.4.1 |
| System.ServiceModel.Primitives (NuGet) | >= 4.3.0, < 4.3.1 | 4.3.1 |
| System.ServiceModel.Primitives (NuGet) | >= 4.1.0, < 4.1.1 | 4.1.1 |
| System.ServiceModel.Http (NuGet) | >= 4.4.0, < 4.4.1 | 4.4.1 |
| System.ServiceModel.Http (NuGet) | >= 4.3.0, < 4.3.1 | 4.3.1 |
| System.ServiceModel.Http (NuGet) | >= 4.1.0, < 4.1.1 | 4.1.1 |
| System.ServiceModel.NetTcp (NuGet) | >= 4.4.0, < 4.4.1 | 4.4.1 |
| System.ServiceModel.NetTcp (NuGet) | >= 4.3.0, < 4.3.1 | 4.3.1 |
| System.ServiceModel.NetTcp (NuGet) | >= 4.1.0, < 4.1.1 | 4.1.1 |
| System.ServiceModel.Duplex (NuGet) | >= 4.4.0, < 4.4.1 | 4.4.1 |
| System.ServiceModel.Duplex (NuGet) | >= 4.3.0, < 4.3.1 | 4.3.1 |
| System.ServiceModel.Duplex (NuGet) | >= 4.0.1, < 4.0.2 | 4.0.2 |
| System.ServiceModel.Security (NuGet) | >= 4.4.0, < 4.4.1 | 4.4.1 |
| System.ServiceModel.Security (NuGet) | >= 4.3.0, < 4.3.1 | 4.3.1 |
| System.ServiceModel.Security (NuGet) | >= 4.0.1, < 4.0.2 | 4.0.2 |
| System.Private.ServiceModel (NuGet) | >= 4.4.0, < 4.4.1 | 4.4.1 |
| System.Private.ServiceModel (NuGet) | >= 4.3.0, < 4.3.1 | 4.3.1 |
| System.Private.ServiceModel (NuGet) | >= 4.1.0, < 4.1.1 | 4.1.1 |
Affected products
- Range: 6.0.0
- Range: 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1
- ghsa-coords (7 versions): pkg:nuget/microsoft.netcore.universalwindowsplatform, pkg:nuget/system.private.servicemodel, pkg:nuget/system.servicemodel.duplex, pkg:nuget/system.servicemodel.http, pkg:nuget/system.servicemodel.nettcp, pkg:nuget/system.servicemodel.primitives, pkg:nuget/system.servicemodel.security. Range: >= 5.2.0, < 5.2.4 (+ 6 more)
- (no CPE) Range: >= 5.2.0, < 5.2.4
- (no CPE) Range: >= 4.4.0, < 4.4.1
- (no CPE) Range: >= 4.4.0, < 4.4.1
- (no CPE) Range: >= 4.4.0, < 4.4.1
- (no CPE) Range: >= 4.4.0, < 4.4.1
- (no CPE) Range: >= 4.4.0, < 4.4.1
- (no CPE) Range: >= 4.4.0, < 4.4.1
- Microsoft Corporation / .NET Framework, .NET Core, and PowerShell Core (v5). Range: Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, PowerShell Core 6.0.0
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-jc8g-xhw5-6x46 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2018-0786 (ghsa, ADVISORY)
- www.securityfocus.com/bid/102380 (mitre, vdb-entry, x_refsource_BID)
- www.securitytracker.com/id/1040152 (mitre, vdb-entry, x_refsource_SECTRACK)
- github.com/dotnet/announcements/issues/51 (ghsa, WEB)
- github.com/github/advisory-database/issues/302 (ghsa, WEB)
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786 (ghsa, x_refsource_CONFIRM, WEB)
- www.nuget.org/packages/System.ServiceModel.Duplex (ghsa, WEB)