Description
Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.
Published: 2026-04-14
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Spoofing
Action: Immediate Patch
AI Analysis

Impact

Improper neutralization of special elements within the .NET runtime creates a flaw that lets an attacker spoof network identities, enabling impersonation of legitimate services. This weakness, corresponding to the Common Weakness Enumeration 138, can compromise authentication mechanisms and lead to unauthorized access or data manipulation. The primary impact is that a malicious actor may appear as a trusted source over the network, potentially deceiving connected systems into accepting harmful input.

Affected Systems

Microsoft .NET 10.0, .NET 9.0, .NET 8.0, and Microsoft Visual Studio 2022 versions 17.12 and 17.14 are affected. These versions may still be deployed in environments that rely on .NET for web or application services.

Risk and Exploitability

The vulnerability carries a CVSS score of 7.5, indicating a high severity assessment. While an EPSS score is not available and the flaw is not listed in the CISA Known Exploited Vulnerabilities catalog, the description implies a network-based attack vector. Potential exploit paths would involve the delivery of crafted data containing special elements to a vulnerable .NET component, allowing an attacker to forge identities and bypass security controls. The lack of public exploit availability or known active exploitation reduces immediate risk, but the high score warrants prompt attention.

Generated by OpenCVE AI on April 14, 2026 at 20:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest security updates released by Microsoft for .NET 10.0, .NET 9.0, and .NET 8.0, as well as for Visual Studio 2022 versions 17.12 and 17.14.
  • Verify that any affected applications are moved to environments that reject or sanitize untrusted network input, and consider network segmentation to limit exposure.
  • Regularly monitor authentication logs for signs of impersonation or spoofing attempts and review network traffic for anomalous patterns.



Advisories
Source | ID | Title
Github GHSA | GHSA-vmwf-m9c5-3jvc | Microsoft Security Advisory CVE-2026-32178 – .NET Spoofing Vulnerability

History

Wed, 15 Apr 2026 11:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 15 Apr 2026 00:15:00 +0000

Type | Values Removed | Values Added
References | |
Metrics | threat_severity None | threat_severity Important


Tue, 14 Apr 2026 17:30:00 +0000

Type | Values Removed | Values Added
Description | | Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.
Title | | .NET Spoofing Vulnerability
First Time appeared | | Microsoft; Microsoft .net; Microsoft visual Studio 2022
Weaknesses | | CWE-138
CPEs | | cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*; cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
Vendors & Products | | Microsoft; Microsoft .net; Microsoft visual Studio 2022
References | |
Metrics | | cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C'}


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-04-15T21:54:30.840Z

Reserved: 2026-03-11T00:26:53.425Z

Link: CVE-2026-32178

Vulnrichment

Updated: 2026-04-15T10:43:00.851Z

NVD

Status: Received

Published: 2026-04-14T18:17:20.260

Modified: 2026-04-14T18:17:20.260

Link: CVE-2026-32178

Red Hat

Severity: Important

Public Date: 2026-04-14T18:41:05Z

Links: CVE-2026-32178 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-15T21:00:09Z

Weaknesses