VYPR
Critical severityNVD Advisory· Published Apr 16, 2026

MsQuic has a Remote Elevation of Privilege Vulnerability

CVE-2026-32179

Description

Summary

Improper input validation in Microsoft QUIC allows an unauthorized attacker to elevate privileges over a network.

Details

Improper Input Validation Integer Underflow (Wrap or Wraparound) when decoding ACK frame.

#### Patches - Fix underflow in ACK frame parsing - 1e6e999b

Impact

An attacker who successfully exploited this vulnerability could gain elevated privileges.

MSRC

CVE Info https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32179

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
Microsoft.Native.Quic.MsQuic.OpenSSLNuGet
>= 2.5.0-ci.532574, < 2.5.72.5.7
Microsoft.Native.Quic.MsQuic.SchannelNuGet
>= 2.5.0-ci.532574, < 2.5.72.5.7
Microsoft.Native.Quic.MsQuic.SchannelNuGet
< 2.4.182.4.18
Microsoft.Native.Quic.MsQuic.OpenSSLNuGet
< 2.4.182.4.18

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.