Medium severity4.3NVD Advisory· Published May 12, 2026· Updated May 13, 2026

CVE-2026-32175

Description

A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system. The security update fixes the vulnerability by ensuring .NET Core properly handles files.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32175nvd

News mentions

Patch Tuesday - May 2026
Rapid7 Blog · May 13, 2026
Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days
BleepingComputer · May 12, 2026

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000