High severity7.5NVD Advisory· Published Apr 14, 2026· Updated May 6, 2026
CVE-2026-32203
CVE-2026-32203
Description
Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.
Affected products
47cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*range: >=17.12.0,<17.12.19
- cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:-:*:*range: >=17.14.0,<17.14.30
- cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*range: >=18.4.0,<18.4.4
- osv-coords43 versionspkg:bitnami/dotnetpkg:bitnami/dotnet-sdkpkg:rpm/almalinux/aspnetcore-runtime-10.0pkg:rpm/almalinux/aspnetcore-runtime-8.0pkg:rpm/almalinux/aspnetcore-runtime-9.0pkg:rpm/almalinux/aspnetcore-runtime-dbg-10.0pkg:rpm/almalinux/aspnetcore-runtime-dbg-8.0pkg:rpm/almalinux/aspnetcore-runtime-dbg-9.0pkg:rpm/almalinux/aspnetcore-targeting-pack-10.0pkg:rpm/almalinux/aspnetcore-targeting-pack-8.0pkg:rpm/almalinux/aspnetcore-targeting-pack-9.0pkg:rpm/almalinux/dotnetpkg:rpm/almalinux/dotnet-apphost-pack-10.0pkg:rpm/almalinux/dotnet-apphost-pack-8.0pkg:rpm/almalinux/dotnet-apphost-pack-9.0pkg:rpm/almalinux/dotnet-hostpkg:rpm/almalinux/dotnet-hostfxr-10.0pkg:rpm/almalinux/dotnet-hostfxr-8.0pkg:rpm/almalinux/dotnet-hostfxr-9.0pkg:rpm/almalinux/dotnet-runtime-10.0pkg:rpm/almalinux/dotnet-runtime-8.0pkg:rpm/almalinux/dotnet-runtime-9.0pkg:rpm/almalinux/dotnet-runtime-dbg-10.0pkg:rpm/almalinux/dotnet-runtime-dbg-8.0pkg:rpm/almalinux/dotnet-runtime-dbg-9.0pkg:rpm/almalinux/dotnet-sdk-10.0pkg:rpm/almalinux/dotnet-sdk-10.0-source-built-artifactspkg:rpm/almalinux/dotnet-sdk-8.0pkg:rpm/almalinux/dotnet-sdk-8.0-source-built-artifactspkg:rpm/almalinux/dotnet-sdk-9.0pkg:rpm/almalinux/dotnet-sdk-9.0-source-built-artifactspkg:rpm/almalinux/dotnet-sdk-aot-10.0pkg:rpm/almalinux/dotnet-sdk-aot-9.0pkg:rpm/almalinux/dotnet-sdk-dbg-10.0pkg:rpm/almalinux/dotnet-sdk-dbg-8.0pkg:rpm/almalinux/dotnet-sdk-dbg-9.0pkg:rpm/almalinux/dotnet-targeting-pack-10.0pkg:rpm/almalinux/dotnet-targeting-pack-8.0pkg:rpm/almalinux/dotnet-targeting-pack-9.0pkg:rpm/almalinux/dotnet-templates-10.0pkg:rpm/almalinux/dotnet-templates-8.0pkg:rpm/almalinux/dotnet-templates-9.0pkg:rpm/almalinux/netstandard-targeting-pack-2.1
>= 8.0.0, < 8.0.26+ 42 more
- (no CPE)range: >= 8.0.0, < 8.0.26
- (no CPE)range: >= 8.0.0, < 8.0.26
- (no CPE)range: < 10.0.6-1.el8_10
- (no CPE)range: < 8.0.26-1.el8_10
- (no CPE)range: < 9.0.15-1.el10_1
- (no CPE)range: < 10.0.6-1.el8_10
- (no CPE)range: < 8.0.26-1.el8_10
- (no CPE)range: < 9.0.15-1.el10_1
- (no CPE)range: < 10.0.6-1.el8_10
- (no CPE)range: < 8.0.26-1.el8_10
- (no CPE)range: < 9.0.15-1.el10_1
- (no CPE)range: < 10.0.106-1.el8_10
- (no CPE)range: < 10.0.6-1.el8_10
- (no CPE)range: < 8.0.26-1.el8_10
- (no CPE)range: < 9.0.15-1.el10_1
- (no CPE)range: < 10.0.6-1.el8_10
- (no CPE)range: < 10.0.6-1.el8_10
- (no CPE)range: < 8.0.26-1.el8_10
- (no CPE)range: < 9.0.15-1.el10_1
- (no CPE)range: < 10.0.6-1.el8_10
- (no CPE)range: < 8.0.26-1.el8_10
- (no CPE)range: < 9.0.15-1.el10_1
- (no CPE)range: < 10.0.6-1.el8_10
- (no CPE)range: < 8.0.26-1.el8_10
- (no CPE)range: < 9.0.15-1.el10_1
- (no CPE)range: < 10.0.106-1.el8_10
- (no CPE)range: < 10.0.106-1.el8_10
- (no CPE)range: < 8.0.126-1.el8_10
- (no CPE)range: < 8.0.126-1.el8_10
- (no CPE)range: < 9.0.116-1.el10_1
- (no CPE)range: < 9.0.116-1.el10_1
- (no CPE)range: < 10.0.106-1.el8_10
- (no CPE)range: < 9.0.116-1.el10_1
- (no CPE)range: < 10.0.106-1.el8_10
- (no CPE)range: < 8.0.126-1.el8_10
- (no CPE)range: < 9.0.116-1.el10_1
- (no CPE)range: < 10.0.6-1.el8_10
- (no CPE)range: < 8.0.26-1.el8_10
- (no CPE)range: < 9.0.15-1.el10_1
- (no CPE)range: < 10.0.106-1.el8_10
- (no CPE)range: < 8.0.126-1.el8_10
- (no CPE)range: < 9.0.116-1.el10_1
- (no CPE)range: < 9.0.116-1.el10_1
Patches
Vulnerability mechanics
References
1- msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32203nvdVendor Advisory
News mentions
1- Patch Tuesday - April 2026Rapid7 Blog · Apr 14, 2026