Microsoft Net vulnerabilities

61 known vulnerabilities affecting microsoft/net.

Total CVEs

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL3HIGH45MEDIUM13

Vulnerabilities

Page 1 of 4

CVE-2026-26131HIGHCVSS 7.8≥ 10.0.0, < 10.0.42026-03-10

CVE-2026-26131 [HIGH] CWE-276 CVE-2026-26131: Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally. Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally.

nvd

CVE-2026-26127HIGHCVSS 7.5≥ 10.0.0, < 10.0.4≥ 9.0.0, < 9.0.142026-03-10

CVE-2026-26127 [HIGH] CWE-125 CVE-2026-26127: Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network. Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.

nvd

CVE-2026-21218HIGHCVSS 7.5≥ 8.0.0, < 8.0.24≥ 9.0.0, < 9.0.13+1 more2026-02-10

CVE-2026-21218 [HIGH] CWE-166 CVE-2026-21218: Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoo Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.

nvd

CVE-2025-55247HIGHCVSS 7.3≥ 8.0.0, < 8.0.21≥ 9.0.0, < 9.0.102025-10-14

CVE-2025-55247 [HIGH] CWE-59 CVE-2025-55247: Improper link resolution before file access ('link following') in .NET allows an authorized attacker Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally.

nvd

CVE-2025-55248MEDIUMCVSS 5.7≥ 8.0.0, < 8.0.21≥ 9.0.0, < 9.0.102025-10-14

CVE-2025-55248 [MEDIUM] CWE-326 CVE-2025-55248: Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.

nvd

CVE-2025-30399HIGHCVSS 7.5≥ 9.0.0, < 9.0.6≥ 8.0.0, < 8.0.172025-06-13

CVE-2025-30399 [HIGH] CWE-426 CVE-2025-30399: Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.

nvd

CVE-2025-26646HIGHCVSS 8.0≥ 9.0.0, < 9.0.5≥ 8.0.0, < 8.0.162025-05-13

CVE-2025-26646 [HIGH] CWE-73 CVE-2025-26646: External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allo External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.

nvd

CVE-2025-21176HIGHCVSS 8.8v8.0.0v9.0.02025-01-14

CVE-2025-21176 [HIGH] CWE-126 CVE-2025-21176: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

nvd

CVE-2025-21172HIGHCVSS 7.5v8.0.0v9.0.02025-01-14

CVE-2025-21172 [HIGH] CWE-122 CVE-2025-21172: .NET and Visual Studio Remote Code Execution Vulnerability .NET and Visual Studio Remote Code Execution Vulnerability

nvd

CVE-2024-43498CRITICALCVSS 9.8v9.0.02024-11-12

CVE-2024-43498 [CRITICAL] CWE-843 CVE-2024-43498: .NET and Visual Studio Remote Code Execution Vulnerability .NET and Visual Studio Remote Code Execution Vulnerability

nvd

CVE-2024-43499HIGHCVSS 7.5v9.0.02024-11-12

CVE-2024-43499 [HIGH] CWE-409 CVE-2024-43499: .NET and Visual Studio Denial of Service Vulnerability .NET and Visual Studio Denial of Service Vulnerability

nvd

CVE-2024-43485HIGHCVSS 7.5≥ 6.0.0, < 6.0.35≥ 8.0.0, < 8.0.102024-10-08

CVE-2024-43485 [HIGH] CWE-407 CVE-2024-43485: .NET and Visual Studio Denial of Service Vulnerability .NET and Visual Studio Denial of Service Vulnerability

nvd

CVE-2024-43483HIGHCVSS 7.5≥ 6.0.0, < 6.0.35≥ 8.0.0, < 8.0.102024-10-08

CVE-2024-43483 [HIGH] CWE-407 CVE-2024-43483: .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

nvd

CVE-2024-38229HIGHCVSS 8.1≥ 8.0.0, < 8.0.102024-10-08

CVE-2024-38229 [HIGH] CWE-416 CVE-2024-38229: .NET and Visual Studio Remote Code Execution Vulnerability .NET and Visual Studio Remote Code Execution Vulnerability

nvd

CVE-2024-43484HIGHCVSS 7.5≥ 6.0.0, < 6.0.35≥ 8.0.0, < 8.0.102024-10-08

CVE-2024-43484 [HIGH] CWE-407 CVE-2024-43484: .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

nvd

CVE-2024-38168HIGHCVSS 7.5≥ 8.0.0, < 8.0.82024-08-13

CVE-2024-38168 [HIGH] CWE-400 CVE-2024-38168: .NET and Visual Studio Denial of Service Vulnerability .NET and Visual Studio Denial of Service Vulnerability

nvd

CVE-2024-38167MEDIUMCVSS 6.5≥ 8.0.0, < 8.0.82024-08-13

CVE-2024-38167 [MEDIUM] CWE-319 CVE-2024-38167: .NET and Visual Studio Information Disclosure Vulnerability .NET and Visual Studio Information Disclosure Vulnerability

nvd

CVE-2024-38095HIGHCVSS 7.5≥ 8.0.0, < 8.0.72024-07-09

CVE-2024-38095 [HIGH] CWE-20 CVE-2024-38095: .NET and Visual Studio Denial of Service Vulnerability .NET and Visual Studio Denial of Service Vulnerability

nvd

CVE-2024-30105HIGHCVSS 7.5≥ 8.0.0, ≤ 8.0.72024-07-09

CVE-2024-30105 [HIGH] CWE-400 CVE-2024-30105: .NET and Visual Studio Denial of Service Vulnerability .NET and Visual Studio Denial of Service Vulnerability

nvd

CVE-2024-38081HIGHCVSS 7.3≥ 6.0.0, < 6.0.322024-07-09

CVE-2024-38081 [HIGH] CWE-59 CVE-2024-38081: .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

nvd

1 / 4Next →