CVE-2026-32175: CWE-36: Absolute Path Traversal in Microsoft .NET 10.0
A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system. The security update fixes the vulnerability by ensuring .NET Core properly handles files.
AI Analysis
Technical Summary
This vulnerability (CWE-36) in Microsoft .NET 10.0 involves improper handling of specially crafted files, leading to absolute path traversal. An attacker can exploit this by sending a crafted file to write arbitrary files and directories on the system. The impact is limited by the attacker's restricted control over file destinations. Microsoft has issued an official security update that corrects the file handling behavior to prevent exploitation.
Potential Impact
The vulnerability allows limited arbitrary file and directory creation on affected systems, which can lead to integrity issues. There is no confidentiality or availability impact reported. Exploitation requires sending a specially crafted file and privileges consistent with the CVSS vector (low privileges required). No known exploits are reported in the wild.
Mitigation Recommendations
An official fix from Microsoft is available and should be applied to affected .NET 10.0 systems. The vendor advisory (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32175) provides the update details. Applying this patch fully mitigates the vulnerability.
CVE-2026-32175: CWE-36: Absolute Path Traversal in Microsoft .NET 10.0
Description
A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system. The security update fixes the vulnerability by ensuring .NET Core properly handles files.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CWE-36) in Microsoft .NET 10.0 involves improper handling of specially crafted files, leading to absolute path traversal. An attacker can exploit this by sending a crafted file to write arbitrary files and directories on the system. The impact is limited by the attacker's restricted control over file destinations. Microsoft has issued an official security update that corrects the file handling behavior to prevent exploitation.
Potential Impact
The vulnerability allows limited arbitrary file and directory creation on affected systems, which can lead to integrity issues. There is no confidentiality or availability impact reported. Exploitation requires sending a specially crafted file and privileges consistent with the CVSS vector (low privileges required). No known exploits are reported in the wild.
Mitigation Recommendations
An official fix from Microsoft is available and should be applied to affected .NET 10.0 systems. The vendor advisory (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32175) provides the update details. Applying this patch fully mitigates the vulnerability.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- microsoft
- Date Reserved
- 2026-03-11T00:26:53.424Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- official-fix
- Vendor Advisory Urls
- [{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32175","vendor":"Microsoft"}]
Threat ID: 6a036535cbff5d861008c2a5
Added to database: 5/12/2026, 5:36:53 PM
Last enriched: 5/12/2026, 7:37:35 PM
Last updated: 5/13/2026, 3:57:31 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.