VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-kq9k-t7z8-sbd8

Essentials
Severities (14)
References (28)
Severity details (13)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-kq9k-t7z8-sbd8
Aliases	CVE-2026-32178 GHSA-vmwf-m9c5-3jvc
Summary	Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-138	Improper Neutralization of Special Elements
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32178.json
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2026-32178
cvssv3.1	0.0	https://github.com/dotnet/announcements/issues/12345
generic_textual	LOW	https://github.com/dotnet/announcements/issues/12345
cvssv3.1	0.0	https://github.com/dotnet/runtime
generic_textual	LOW	https://github.com/dotnet/runtime
cvssv3.1	0.0	https://github.com/dotnet/runtime/security/advisories/GHSA-vmwf-m9c5-3jvc
generic_textual	LOW	https://github.com/dotnet/runtime/security/advisories/GHSA-vmwf-m9c5-3jvc
cvssv3.1	0.0	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32178
cvssv3.1	7.5	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32178
generic_textual	LOW	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32178
ssvc	Track	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32178
cvssv3.1	0.0	https://nvd.nist.gov/vuln/detail/CVE-2026-32178
generic_textual	LOW	https://nvd.nist.gov/vuln/detail/CVE-2026-32178

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32178.json
		https://api.first.org/data/v1/epss?cve=CVE-2026-32178
		https://github.com/dotnet/announcements/issues/12345
		https://github.com/dotnet/runtime
		https://github.com/dotnet/runtime/security/advisories/GHSA-vmwf-m9c5-3jvc
		https://nvd.nist.gov/vuln/detail/CVE-2026-32178
2457781		https://bugzilla.redhat.com/show_bug.cgi?id=2457781
CVE-2026-32178		https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32178
GHSA-vmwf-m9c5-3jvc		https://github.com/advisories/GHSA-vmwf-m9c5-3jvc
RHSA-2026:13280		https://access.redhat.com/errata/RHSA-2026:13280
RHSA-2026:13281		https://access.redhat.com/errata/RHSA-2026:13281
RHSA-2026:13282		https://access.redhat.com/errata/RHSA-2026:13282
RHSA-2026:13283		https://access.redhat.com/errata/RHSA-2026:13283
RHSA-2026:13693		https://access.redhat.com/errata/RHSA-2026:13693
RHSA-2026:8467		https://access.redhat.com/errata/RHSA-2026:8467
RHSA-2026:8468		https://access.redhat.com/errata/RHSA-2026:8468
RHSA-2026:8469		https://access.redhat.com/errata/RHSA-2026:8469
RHSA-2026:8470		https://access.redhat.com/errata/RHSA-2026:8470
RHSA-2026:8471		https://access.redhat.com/errata/RHSA-2026:8471
RHSA-2026:8472		https://access.redhat.com/errata/RHSA-2026:8472
RHSA-2026:8473		https://access.redhat.com/errata/RHSA-2026:8473
RHSA-2026:8474		https://access.redhat.com/errata/RHSA-2026:8474
RHSA-2026:8475		https://access.redhat.com/errata/RHSA-2026:8475
RHSA-2026:9077		https://access.redhat.com/errata/RHSA-2026:9077
RHSA-2026:9080		https://access.redhat.com/errata/RHSA-2026:9080
RHSA-2026:9205		https://access.redhat.com/errata/RHSA-2026:9205
USN-8176-1		https://usn.ubuntu.com/8176-1/
USN-8216-1		https://usn.ubuntu.com/8216-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32178.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N Found at https://github.com/dotnet/announcements/issues/12345

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N Found at https://github.com/dotnet/runtime

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N Found at https://github.com/dotnet/runtime/security/advisories/GHSA-vmwf-m9c5-3jvc

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N Found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32178

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32178

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-15T10:40:37Z/ Found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32178

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2026-32178

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.18281
EPSS Score	0.00057
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T16:49:16.560128+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2026/32xxx/CVE-2026-32178.json	38.6.0