VYPR
Medium severity4.3NVD Advisory· Published May 12, 2026· Updated May 13, 2026

CVE-2026-32175

CVE-2026-32175

Description

A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system. The security update fixes the vulnerability by ensuring .NET Core properly handles files.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
Microsoft.NetCore.App.Runtime.win-armNuGet
>= 8.0.0, < 8.0.278.0.27
Microsoft.NetCore.App.Runtime.win-armNuGet
>= 9.0.0, < 9.0.169.0.16
Microsoft.NetCore.App.Runtime.win-armNuGet
>= 10.0.0, < 10.0.810.0.8
Microsoft.NetCore.App.Runtime.win-arm64NuGet
>= 8.0.0, < 8.0.278.0.27
Microsoft.NetCore.App.Runtime.win-arm64NuGet
>= 9.0.0, < 9.0.169.0.16
Microsoft.NetCore.App.Runtime.win-arm64NuGet
>= 10.0.0, < 10.0.810.0.8
Microsoft.NetCore.App.Runtime.win-x64NuGet
>= 8.0.0, < 8.0.278.0.27
Microsoft.NetCore.App.Runtime.win-x64NuGet
>= 9.0.0, < 9.0.169.0.16
Microsoft.NetCore.App.Runtime.win-x64NuGet
>= 10.0.0, < 10.0.810.0.8
Microsoft.NetCore.App.Runtime.win-x86NuGet
>= 8.0.0, < 8.0.278.0.27
Microsoft.NetCore.App.Runtime.win-x86NuGet
>= 9.0.0, < 9.0.169.0.16
Microsoft.NetCore.App.Runtime.win-x86NuGet
>= 10.0.0, < 10.0.810.0.8

Affected products

3

Patches

Vulnerability mechanics

References

5

News mentions

2