Microsoft Net 9.0 vulnerabilities

CVE-2026-33116 [HIGH] CWE-20 CVE-2026-33116: Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.

CVE-2026-26171 [HIGH] CWE-400 CVE-2026-26171: Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a net Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.

CVE-2026-32203 [HIGH] CWE-20 CVE-2026-32203: Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny servic Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.

CVE-2026-32178 [HIGH] CWE-138 CVE-2026-32178: Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoof Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-26127 [HIGH] CWE-125 CVE-2026-26127: Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network. Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.

CVE-2026-21218 [HIGH] CWE-166 CVE-2026-21218: Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoo Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-55247 [HIGH] CWE-59 CVE-2025-55247: Improper link resolution before file access ('link following') in .NET allows an authorized attacker Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally.

CVE-2025-55248 [MEDIUM] CWE-326 CVE-2025-55248: Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.

CVE-2025-30399 [HIGH] CWE-426 CVE-2025-30399: Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.

CVE-2025-26646 [HIGH] CWE-73 CVE-2025-26646: External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allo External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.

CVE-2025-21176 [HIGH] CWE-126 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

CVE-2025-21173 [HIGH] CWE-379 .NET Elevation of Privilege Vulnerability .NET Elevation of Privilege Vulnerability .NET Elevation of Privilege Vulnerability

CVE-2025-21171 [HIGH] CWE-122 .NET Remote Code Execution Vulnerability .NET Remote Code Execution Vulnerability .NET Remote Code Execution Vulnerability

CVE-2025-21172 [HIGH] CWE-190 .NET and Visual Studio Remote Code Execution Vulnerability .NET and Visual Studio Remote Code Execution Vulnerability .NET and Visual Studio Remote Code Execution Vulnerability

CVE-2024-43498 [CRITICAL] CWE-843 CVE-2024-43498: .NET and Visual Studio Remote Code Execution Vulnerability .NET and Visual Studio Remote Code Execution Vulnerability

CVE-2024-43499 [HIGH] CWE-409 CVE-2024-43499: .NET and Visual Studio Denial of Service Vulnerability .NET and Visual Studio Denial of Service Vulnerability