SpirityCVE

Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Microsoft	.net .net Framework Visual Studio 2017 Visual Studio 2019 Visual Studio 2022 Visual Studio 2026

No data.

References

Link	Providers
https://www.spirityenterprise.com/pentest
https://www.spirityenterprise.com/virtual-ciso
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32177

History

Wed, 13 May 2026 11:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 13 May 2026 11:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microsoft .net Framework
Vendors & Products		Microsoft .net Framework

Tue, 12 May 2026 17:30:00 +0000

Type	Values Removed	Values Added
Description		Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
Title		.NET Elevation of Privilege Vulnerability
First Time appeared		Microsoft Microsoft .net Microsoft visual Studio 2017 Microsoft visual Studio 2019 Microsoft visual Studio 2022 Microsoft visual Studio 2026
Weaknesses		CWE-122 CWE-20
CPEs		cpe:2.3:a:microsoft:.net:::::::: cpe:2.3:a:microsoft:visual_studio_2017:::::::: cpe:2.3:a:microsoft:visual_studio_2019:::::::: cpe:2.3:a:microsoft:visual_studio_2022:::::::: cpe:2.3:a:microsoft:visual_studio_2026::::::::
Vendors & Products		Microsoft Microsoft .net Microsoft visual Studio 2017 Microsoft visual Studio 2019 Microsoft visual Studio 2022 Microsoft visual Studio 2026
References		https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32177
Metrics		cvssV3_1 `{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C'}`

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2026-05-12T16:58:15.551Z

Updated: 2026-05-13T17:58:11.014Z

Reserved: 2026-03-11T00:26:53.425Z

Link: CVE-2026-32177

Vulnrichment

Updated: 2026-05-13T10:02:59.786Z

NVD

Status : Awaiting Analysis

Published: 2026-05-12T18:16:58.947

Modified: 2026-05-13T15:34:52.573

Link: CVE-2026-32177

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object