CVE-2026-32178
NET Spoofing Vulnerability via Improper Input Neutralization
Publication date: 2026-04-14
Last updated on: 2026-04-14
Assigner: Microsoft Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | .net | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-138 | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as control elements or syntactic markers when they are sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves improper neutralization of special elements in the .NET framework. It allows an unauthorized attacker to perform spoofing attacks over a network.
How can this vulnerability impact me? :
The vulnerability can lead to spoofing attacks, where an attacker can impersonate a trusted entity over a network. This can result in unauthorized access or deception, potentially compromising security.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows an unauthorized attacker to perform spoofing over a network by exploiting improper neutralization of special elements in .NET.
Such spoofing attacks can potentially lead to unauthorized access or misrepresentation of identity, which may impact the confidentiality and integrity of data.
This could affect compliance with standards and regulations like GDPR and HIPAA that require protection of sensitive data and prevention of unauthorized access.