CVE-2026-32178

Versions sourced from the GitHub Security Advisory.

• Dotnet/RuntimeGHSA

  Range: >= 8.0.0, <= 8.0.25
• Microsoft/Net

  cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*

  Range: >=10.0.0,<10.0.6
• Microsoft/Visual Studio 2022

  cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*

  Range: >=17.12.0,<17.12.19

No patches discovered yet.

AI mechanics synthesis has not run for this CVE yet.

• github.com/advisories/GHSA-vmwf-m9c5-3jvcghsaADVISORY
• msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32178nvdVendor AdvisoryWEB
• nvd.nist.gov/vuln/detail/CVE-2026-32178ghsaADVISORY
• github.com/dotnet/announcements/issues/12345ghsaWEB
• github.com/dotnet/runtime/security/advisories/GHSA-vmwf-m9c5-3jvcghsaWEB

• Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
  The Hacker News · May 15, 2026
• Living Off the Pipeline: Defending Against CI/CD Subversion
  SentinelOne Labs · May 15, 2026
• Akamai to acquire LayerX for $205 million
  Help Net Security · May 15, 2026
• Keycard helps developers secure autonomous AI agents with scoped access
  Help Net Security · May 15, 2026
• Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets
  The Hacker News · May 14, 2026
• Sweet Security Launches Agentic AI Red Teaming to Counter ‘Mythos Moment’
  SecurityWeek · May 13, 2026
• Fedora Hummingbird brings the container security model to a Linux host OS
  Help Net Security · May 12, 2026
• SAP unveils Autonomous Enterprise for AI-driven business operations
  Help Net Security · May 12, 2026
• New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots
  The Hacker News · May 12, 2026
• Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
  The Hacker News · May 12, 2026
• TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack
  SecurityWeek · May 12, 2026
• Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation
  The Hacker News · May 11, 2026
• Build Application Firewalls Aim to Stop the Next Supply Chain Attack
  SecurityWeek · May 11, 2026
• Linux developers weigh emergency “killswitch” for vulnerable kernel functions
  Help Net Security · May 11, 2026
• Final Countdown: Last Chance to Join the Rapid7 Global Cybersecurity Summit
  Rapid7 Blog · May 11, 2026
• ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
  The Hacker News · May 11, 2026
• TrickMo Android banker adopts TON blockchain for covert comms
  BleepingComputer · May 11, 2026
• A week in security (May 4 &#8211; May 10)
  Malwarebytes Labs · May 11, 2026
• Rustinel: Open-source endpoint detection for Windows and Linux
  Help Net Security · May 11, 2026
• Week in review: cPanel vulnerability actively exploited, DigiCert breach, LinkedIn job scams
  Help Net Security · May 10, 2026
• Snyk integrates Claude to advance AI-native application security
  Help Net Security · May 8, 2026
• Why Security in 2026 Requires Continuous Threat and Exposure Management (CTEM) at Scale
  Rapid7 Blog · May 7, 2026
• How Cloudflare responded to the “Copy Fail” Linux vulnerability
  Cloudflare Blog · May 7, 2026
• ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories
  The Hacker News · May 7, 2026
• Open-source MCP server monitoring for Python apps
  Help Net Security · May 7, 2026
• Sysdig delivers cloud security that runs inside AI coding agents
  Help Net Security · May 6, 2026
• Muddying the Tracks: The State-Sponsored Shadow Behind Chaos Ransomware
  Rapid7 Blog · May 6, 2026
• Attackers adopt JavaScript runtime Bun to spread NWHStealer
  Malwarebytes Labs · May 6, 2026
• Your AI Agents Are Already Inside the Perimeter. Do You Know What They're Doing?
  The Hacker News · May 6, 2026
• ServiceNow clears agents for landing with new AI control tower
  The Register Security · May 5, 2026
• Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE
  The Hacker News · May 5, 2026
• A Walkthrough of the 2026 Global Cybersecurity Summit Agenda
  Rapid7 Blog · May 5, 2026
• UAT-8302 and its box full of malware
  Cisco Talos Intelligence · May 5, 2026
• CloudZ RAT potentially steals OTP messages using Pheno plugin
  Cisco Talos Intelligence · May 5, 2026
• A rigged game: ScarCruft compromises gaming platform in a supply-chain attack
  ESET WeLiveSecurity · May 5, 2026
• Backdoored PyTorch Lightning package drops credential stealer
  BleepingComputer · May 4, 2026
• TeamPCP Weekly Analysis: 2026-W18 (2026-04-27 through 2026-05-03), (Mon, May 4th)
  SANS Internet Storm Center · May 4, 2026
• Shadow IT has given way to shadow AI. Enter AI-BOMs
  The Register Security · May 4, 2026
• Shadow IT has given way to shadow AI. Enter AI-BOMs
  The Register Security · May 4, 2026
• Operant AI Endpoint Protector secures AI agents and MCP tools
  Help Net Security · May 4, 2026
• Cybersecurity M&A Roundup: 33 Deals Announced in April 2026
  SecurityWeek · May 4, 2026
• Pipelock: Open-source AI agent firewall
  Help Net Security · May 4, 2026
• Code Orange: Fail Small is complete. The result is a stronger Cloudflare network
  Cloudflare Blog · May 1, 2026
• The Good, the Bad and the Ugly in Cybersecurity – Week 18
  SentinelOne Labs · May 1, 2026
• Introducing Dynamic Workflows: durable execution that follows the tenant
  Cloudflare Blog · May 1, 2026
• Open-source privacy proxy masks PII before prompts reach external AI services
  Help Net Security · May 1, 2026
• New infosec products of the month: April 2026
  Help Net Security · May 1, 2026
• PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials
  The Hacker News · Apr 30, 2026
• New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials
  The Hacker News · Apr 30, 2026
• EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades
  The Hacker News · Apr 30, 2026