Description
Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.
Published: 2026-04-14
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

A stack‑based buffer overflow exists in the .NET framework and Visual Studio 2022, allowing an attacker to trigger a denial of service through malformed network input. The overflow leads to stack corruption and unhandled exceptions that crash the application, making it unavailable to legitimate users.

Affected Systems

The flaw affects Microsoft .NET releases 8.0, 9.0, and 10.0, as well as Visual Studio 2022 versions 17.12 and 17.14. Any instance of these products that processes untrusted data over a network is at risk.

Risk and Exploitability

The CVSS score of 7.5 indicates a serious impact, and while the EPSS score is not listed, the absence of a KEV entry suggests no known widespread exploitation yet. The likely attack vector is remote over the network, requiring an attacker to craft a malicious packet or payload that targets the vulnerable logic. Once executed, the overflow causes the application to crash, denying legitimate access. In the absence of additional mitigations, the risk remains significant for systems exposed to external traffic.

Generated by OpenCVE AI on April 15, 2026 at 02:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Microsoft security update for .NET and Visual Studio 2022 that addresses CVE‑2026‑32203.
  • Consider disabling or restricting network access to services running .NET or Visual Studio when not required.
  • Implement firewall rules or network segmentation to isolate vulnerable services from external traffic.

Generated by OpenCVE AI on April 15, 2026 at 02:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 15 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft microsoft Visual Studio 2022
Vendors & Products Microsoft microsoft Visual Studio 2022

Wed, 15 Apr 2026 11:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 15 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
References
Metrics threat_severity

None

 threat_severity

Important

Tue, 14 Apr 2026 17:30:00 +0000

Type Values Removed Values Added
Description Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.
Title .NET and Visual Studio Denial of Service Vulnerability
First Time appeared Microsoft
Microsoft .net
Microsoft visual Studio 2022
Weaknesses CWE-121
CWE-20
CPEs cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft .net
Microsoft visual Studio 2022
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft .net Microsoft Visual Studio 2022 Visual Studio 2022
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-04-15T21:55:26.623Z

Reserved: 2026-03-11T01:49:58.658Z

Link: CVE-2026-32203

cve-icon Vulnrichment

Updated: 2026-04-15T10:42:51.582Z

cve-icon NVD

Status : Received

Published: 2026-04-14T18:17:27.700

Modified: 2026-04-14T18:17:27.700

Link: CVE-2026-32203

cve-icon Redhat

Severity : Important

Publid Date: 2026-04-14T18:39:07Z

Links: CVE-2026-32203 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T21:02:39Z

Weaknesses