Critical severityNVD Advisory· Published Apr 16, 2026
MsQuic has a Remote Elevation of Privilege Vulnerability
CVE-2026-32179
Description
Summary
Improper input validation in Microsoft QUIC allows an unauthorized attacker to elevate privileges over a network.
Details
Improper Input Validation Integer Underflow (Wrap or Wraparound) when decoding ACK frame.
#### Patches - Fix underflow in ACK frame parsing - 1e6e999b
Impact
An attacker who successfully exploited this vulnerability could gain elevated privileges.
MSRC
CVE Info https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32179
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
Microsoft.Native.Quic.MsQuic.OpenSSLNuGet | >= 2.5.0-ci.532574, < 2.5.7 | 2.5.7 |
Microsoft.Native.Quic.MsQuic.SchannelNuGet | >= 2.5.0-ci.532574, < 2.5.7 | 2.5.7 |
Microsoft.Native.Quic.MsQuic.SchannelNuGet | < 2.4.18 | 2.4.18 |
Microsoft.Native.Quic.MsQuic.OpenSSLNuGet | < 2.4.18 | 2.4.18 |
Affected products
2- ghsa-coords2 versions
>= 2.5.0-ci.532574, < 2.5.7+ 1 more
- (no CPE)range: >= 2.5.0-ci.532574, < 2.5.7
- (no CPE)range: >= 2.5.0-ci.532574, < 2.5.7
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.