Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-32175 (GCVE-0-2026-32175)
Vulnerability from cvelistv5 – Published: 2026-05-12 16:59 – Updated: 2026-06-19 16:12- CWE-36 - Absolute Path Traversal
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | .NET 10.0 |
Affected:
10.0.0 , < 10.0.8
(custom)
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32175",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-12T19:22:38.751667Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T19:22:51.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": ".NET 10.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.8",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"product": ".NET 8.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "8.0.27",
"status": "affected",
"version": "8.0.0",
"versionType": "custom"
}
]
},
{
"product": ".NET 9.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "9.0.16",
"status": "affected",
"version": "9.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.12.20",
"status": "affected",
"version": "17.12.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.14",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.14.32",
"status": "affected",
"version": "17.14.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2026 version 18.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.5.3",
"status": "affected",
"version": "18.5.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.8",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.0.27",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.16",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.5.3",
"versionStartIncluding": "18.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.14.32",
"versionStartIncluding": "17.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.12.20",
"versionStartIncluding": "17.12.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-05-12T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories.\nTo exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system.\nThe security update fixes the vulnerability by ensuring .NET Core properly handles files."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-36",
"description": "CWE-36: Absolute Path Traversal",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-19T16:12:35.340Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET Core Tampering Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32175"
}
],
"title": ".NET Core Tampering Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-32175",
"datePublished": "2026-05-12T16:59:01.649Z",
"dateReserved": "2026-03-11T00:26:53.424Z",
"dateUpdated": "2026-06-19T16:12:35.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-32175\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-12T19:22:38.751667Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-12T19:22:44.313Z\"}}], \"cna\": {\"title\": \".NET Core Tampering Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \".NET 10.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.8\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \".NET 8.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.0.0\", \"lessThan\": \"8.0.27\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \".NET 9.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.0.0\", \"lessThan\": \"9.0.16\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2022 version 17.12\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.12.0\", \"lessThan\": \"17.12.20\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2022 version 17.14\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.14.0\", \"lessThan\": \"17.14.32\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2026 version 18.5\", \"versions\": [{\"status\": \"affected\", \"version\": \"18.5.0\", \"lessThan\": \"18.5.3\", \"versionType\": \"custom\"}]}], \"datePublic\": \"2026-05-12T14:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32175\", \"name\": \".NET Core Tampering Vulnerability\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories.\\nTo exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system.\\nThe security update fixes the vulnerability by ensuring .NET Core properly handles files.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-36\", \"description\": \"CWE-36: Absolute Path Traversal\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.0.8\", \"versionStartIncluding\": \"10.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"8.0.27\", \"versionStartIncluding\": \"8.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"9.0.16\", \"versionStartIncluding\": \"9.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"18.5.3\", \"versionStartIncluding\": \"18.5.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"17.14.32\", \"versionStartIncluding\": \"17.14.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"17.12.20\", \"versionStartIncluding\": \"17.12.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2026-06-19T16:12:35.340Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-32175\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-19T16:12:35.340Z\", \"dateReserved\": \"2026-03-11T00:26:53.424Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2026-05-12T16:59:01.649Z\", \"assignerShortName\": \"microsoft\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2026-AVI-0796
Vulnerability from certfr_avis - Published: 2026-06-24 - Updated: 2026-06-24
De multiples vulnérabilités ont été découvertes dans Tenable Identity Exposure. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Tenable | Identity Exposure | Tenable Identity Exposure versions antérieures à v3.93.5 |
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tenable Identity Exposure versions ant\u00e9rieures \u00e0 v3.93.5",
"product": {
"name": "Identity Exposure",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-66199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66199"
},
{
"name": "CVE-2026-42789",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42789"
},
{
"name": "CVE-2026-21637",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21637"
},
{
"name": "CVE-2026-34180",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34180"
},
{
"name": "CVE-2025-55248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55248"
},
{
"name": "CVE-2026-35188",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35188"
},
{
"name": "CVE-2026-42766",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42766"
},
{
"name": "CVE-2026-9076",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9076"
},
{
"name": "CVE-2025-15469",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15469"
},
{
"name": "CVE-2026-1965",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1965"
},
{
"name": "CVE-2026-34181",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34181"
},
{
"name": "CVE-2026-42790",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42790"
},
{
"name": "CVE-2026-42770",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42770"
},
{
"name": "CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"name": "CVE-2026-3783",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3783"
},
{
"name": "CVE-2026-6429",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6429"
},
{
"name": "CVE-2026-32167",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32167"
},
{
"name": "CVE-2026-32175",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32175"
},
{
"name": "CVE-2026-28386",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28386"
},
{
"name": "CVE-2026-45445",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45445"
},
{
"name": "CVE-2026-45591",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45591"
},
{
"name": "CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"name": "CVE-2025-55130",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55130"
},
{
"name": "CVE-2025-55131",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55131"
},
{
"name": "CVE-2025-59465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59465"
},
{
"name": "CVE-2026-7383",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-7383"
},
{
"name": "CVE-2026-21715",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21715"
},
{
"name": "CVE-2026-42771",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42771"
},
{
"name": "CVE-2026-35433",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35433"
},
{
"name": "CVE-2026-22795",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
},
{
"name": "CVE-2026-26130",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26130"
},
{
"name": "CVE-2026-33120",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33120"
},
{
"name": "CVE-2026-28389",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28389"
},
{
"name": "CVE-2026-42765",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42765"
},
{
"name": "CVE-2026-21717",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21717"
},
{
"name": "CVE-2025-69421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
},
{
"name": "CVE-2026-42769",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42769"
},
{
"name": "CVE-2026-6253",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6253"
},
{
"name": "CVE-2026-7009",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-7009"
},
{
"name": "CVE-2026-21716",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21716"
},
{
"name": "CVE-2026-22796",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
},
{
"name": "CVE-2026-42899",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42899"
},
{
"name": "CVE-2026-21262",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21262"
},
{
"name": "CVE-2026-26171",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26171"
},
{
"name": "CVE-2026-32203",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32203"
},
{
"name": "CVE-2025-55132",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55132"
},
{
"name": "CVE-2026-45447",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45447"
},
{
"name": "CVE-2025-55247",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55247"
},
{
"name": "CVE-2025-14017",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14017"
},
{
"name": "CVE-2026-3805",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3805"
},
{
"name": "CVE-2026-28387",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28387"
},
{
"name": "CVE-2026-28388",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28388"
},
{
"name": "CVE-2026-32177",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32177"
},
{
"name": "CVE-2026-21714",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21714"
},
{
"name": "CVE-2026-45446",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45446"
},
{
"name": "CVE-2026-40370",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40370"
},
{
"name": "CVE-2026-13007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-13007"
},
{
"name": "CVE-2025-68160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
},
{
"name": "CVE-2026-34183",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34183"
},
{
"name": "CVE-2025-13034",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13034"
},
{
"name": "CVE-2026-28390",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28390"
},
{
"name": "CVE-2026-45490",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45490"
},
{
"name": "CVE-2025-14524",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14524"
},
{
"name": "CVE-2026-42767",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42767"
},
{
"name": "CVE-2026-4873",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4873"
},
{
"name": "CVE-2025-69418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
},
{
"name": "CVE-2025-59466",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59466"
},
{
"name": "CVE-2025-15468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
},
{
"name": "CVE-2026-21713",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21713"
},
{
"name": "CVE-2026-33116",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33116"
},
{
"name": "CVE-2026-42764",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42764"
},
{
"name": "CVE-2026-31789",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31789"
},
{
"name": "CVE-2026-5773",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5773"
},
{
"name": "CVE-2026-32178",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32178"
},
{
"name": "CVE-2026-6276",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6276"
},
{
"name": "CVE-2026-42768",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42768"
},
{
"name": "CVE-2025-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
},
{
"name": "CVE-2025-15079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15079"
},
{
"name": "CVE-2026-2673",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2673"
},
{
"name": "CVE-2026-45491",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45491"
},
{
"name": "CVE-2025-14819",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14819"
},
{
"name": "CVE-2026-34182",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34182"
},
{
"name": "CVE-2025-55315",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55315"
},
{
"name": "CVE-2026-21218",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21218"
},
{
"name": "CVE-2026-7168",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-7168"
},
{
"name": "CVE-2026-32176",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32176"
},
{
"name": "CVE-2025-69420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
},
{
"name": "CVE-2025-15224",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15224"
},
{
"name": "CVE-2026-31790",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31790"
},
{
"name": "CVE-2026-5545",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5545"
},
{
"name": "CVE-2026-21710",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21710"
},
{
"name": "CVE-2026-3784",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3784"
}
],
"initial_release_date": "2026-06-24T00:00:00",
"last_revision_date": "2026-06-24T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0796",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-06-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Identity Exposure. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Identity Exposure",
"vendor_advisories": [
{
"published_at": "2026-06-23",
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2026-16",
"url": "https://www.tenable.com/security/tns-2026-16"
}
]
}
CERTFR-2026-AVI-0585
Vulnerability from certfr_avis - Published: 2026-05-13 - Updated: 2026-05-13
De multiples vulnérabilités ont été découvertes dans Microsoft Windows. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Windows Server 2012 R2 versions antérieures à 6.3.9600.23181 | ||
| Microsoft | N/A | Windows 10 Version 22H2 pour systèmes x64 versions antérieures à 10.0.19045.7291 | ||
| Microsoft | N/A | Windows 10 Version 22H2 pour systèmes 32 bits versions antérieures à 10.0.19045.7291 | ||
| Microsoft | N/A | Windows Admin Center in Azure Portal versions antérieures à 2.6.7 | ||
| Microsoft | N/A | Windows 11 Version 24H2 pour systèmes x64 versions antérieures à 10.0.26100.8390 | ||
| Microsoft | N/A | Windows Admin Center versions antérieures à 2.6.5.16 | ||
| Microsoft | N/A | Windows 11 Version 23H2 pour systèmes ARM64 versions antérieures à 10.0.22631.7079 | ||
| Microsoft | N/A | Windows 10 Version 1607 pour systèmes x64 versions antérieures à 10.0.14393.9140 | ||
| Microsoft | N/A | Windows Server 2019 (Server Core installation) versions antérieures à 10.0.17763.8755 | ||
| Microsoft | N/A | Windows 10 Version 21H2 pour systèmes ARM64 versions antérieures à 10.0.19044.7291 | ||
| Microsoft | N/A | Windows 10 Version 22H2 pour systèmes ARM64 versions antérieures à 10.0.19045.7291 | ||
| Microsoft | N/A | Windows 10 Version 1607 pour systèmes 32 bits versions antérieures à 10.0.14393.9140 | ||
| Microsoft | N/A | Windows 10 Version 21H2 pour systèmes x64 versions antérieures à 10.0.19044.7291 | ||
| Microsoft | N/A | Windows 10 Version 21H2 pour systèmes 32 bits versions antérieures à 10.0.19044.7291 | ||
| Microsoft | N/A | Windows 11 Version 26H1 pour systèmes x64 versions antérieures à 10.0.28000.2113 | ||
| Microsoft | N/A | Windows Server 2016 versions antérieures à 10.0.14393.9140 | ||
| Microsoft | N/A | Windows Server 2019 versions antérieures à 10.0.17763.8755 | ||
| Microsoft | N/A | Windows 11 Version 25H2 pour systèmes ARM64 versions antérieures à 10.0.26200.8457 | ||
| Microsoft | N/A | Windows 11 Version 23H2 pour systèmes x64 versions antérieures à 10.0.22631.7079 | ||
| Microsoft | N/A | Windows 11 Version 26H1 pour systèmes ARM64 versions antérieures à 10.0.28000.2113 | ||
| Microsoft | N/A | Windows Server 2022 (Server Core installation) versions antérieures à 10.0.20348.5139 | ||
| Microsoft | N/A | Windows Server 2022, 23H2 Edition (Server Core installation) versions antérieures à 10.0.25398.2330 | ||
| Microsoft | N/A | Windows Server 2022 versions antérieures à 10.0.20348.5139 | ||
| Microsoft | N/A | Windows Server 2025 versions antérieures à 10.0.26100.32860 | ||
| Microsoft | N/A | Windows 10 Version 1809 pour systèmes x64 versions antérieures à 10.0.17763.8755 | ||
| Microsoft | N/A | Windows 11 Version 25H2 pour systèmes x64 versions antérieures à 10.0.26200.8457 | ||
| Microsoft | N/A | Windows 10 Version 1809 pour systèmes 32 bits versions antérieures à 10.0.17763.8755 | ||
| Microsoft | N/A | Windows 11 Version 24H2 pour systèmes ARM64 versions antérieures à 10.0.26100.8390 | ||
| Microsoft | N/A | Windows Server 2025 (Server Core installation) versions antérieures à 10.0.26100.32860 | ||
| Microsoft | N/A | Windows Server 2016 (Server Core installation) versions antérieures à 10.0.14393.9140 | ||
| Microsoft | N/A | Windows Server 2012 versions antérieures à 6.2.9200.26079 | ||
| Microsoft | N/A | Windows Server 2012 R2 (Server Core installation) versions antérieures à 6.3.9600.23181 | ||
| Microsoft | N/A | Windows Server 2012 (Server Core installation) versions antérieures à 6.2.9200.26079 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Windows Server 2012 R2 versions ant\u00e9rieures \u00e0 6.3.9600.23181",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19045.7291",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19045.7291",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Admin Center in Azure Portal versions ant\u00e9rieures \u00e0 2.6.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 24H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.26100.8390",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Admin Center versions ant\u00e9rieures \u00e0 2.6.5.16",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 23H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.22631.7079",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.14393.9140",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2019 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.17763.8755",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.19044.7291",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.19045.7291",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.14393.9140",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19044.7291",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19044.7291",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 26H1 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.28000.2113",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016 versions ant\u00e9rieures \u00e0 10.0.14393.9140",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2019 versions ant\u00e9rieures \u00e0 10.0.17763.8755",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 25H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.26200.8457",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 23H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.22631.7079",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 26H1 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.28000.2113",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2022 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.20348.5139",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2022, 23H2 Edition (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.25398.2330",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2022 versions ant\u00e9rieures \u00e0 10.0.20348.5139",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2025 versions ant\u00e9rieures \u00e0 10.0.26100.32860",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.17763.8755",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 25H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.26200.8457",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.17763.8755",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 24H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.26100.8390",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2025 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.26100.32860",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.14393.9140",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 versions ant\u00e9rieures \u00e0 6.2.9200.26079",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2 (Server Core installation) versions ant\u00e9rieures \u00e0 6.3.9600.23181",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 (Server Core installation) versions ant\u00e9rieures \u00e0 6.2.9200.26079",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-34342",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34342"
},
{
"name": "CVE-2026-32209",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32209"
},
{
"name": "CVE-2026-40397",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40397"
},
{
"name": "CVE-2026-35419",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35419"
},
{
"name": "CVE-2026-41089",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41089"
},
{
"name": "CVE-2026-40401",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40401"
},
{
"name": "CVE-2026-35438",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35438"
},
{
"name": "CVE-2026-40377",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40377"
},
{
"name": "CVE-2026-40380",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40380"
},
{
"name": "CVE-2026-40402",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40402"
},
{
"name": "CVE-2026-34345",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34345"
},
{
"name": "CVE-2026-33837",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33837"
},
{
"name": "CVE-2026-32175",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32175"
},
{
"name": "CVE-2026-40405",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40405"
},
{
"name": "CVE-2026-34338",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34338"
},
{
"name": "CVE-2026-34331",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34331"
},
{
"name": "CVE-2026-34343",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34343"
},
{
"name": "CVE-2026-40369",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40369"
},
{
"name": "CVE-2026-35420",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35420"
},
{
"name": "CVE-2026-34337",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34337"
},
{
"name": "CVE-2026-35433",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35433"
},
{
"name": "CVE-2026-32170",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32170"
},
{
"name": "CVE-2026-34341",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34341"
},
{
"name": "CVE-2026-34351",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34351"
},
{
"name": "CVE-2026-34340",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34340"
},
{
"name": "CVE-2026-34344",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34344"
},
{
"name": "CVE-2026-35424",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35424"
},
{
"name": "CVE-2026-34329",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34329"
},
{
"name": "CVE-2026-40382",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40382"
},
{
"name": "CVE-2026-40408",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40408"
},
{
"name": "CVE-2026-42896",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42896"
},
{
"name": "CVE-2026-35422",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35422"
},
{
"name": "CVE-2026-40415",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40415"
},
{
"name": "CVE-2026-35418",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35418"
},
{
"name": "CVE-2026-35423",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35423"
},
{
"name": "CVE-2026-42899",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42899"
},
{
"name": "CVE-2026-41097",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41097"
},
{
"name": "CVE-2026-35417",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35417"
},
{
"name": "CVE-2026-41086",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41086"
},
{
"name": "CVE-2026-34330",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34330"
},
{
"name": "CVE-2026-32177",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32177"
},
{
"name": "CVE-2026-40407",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40407"
},
{
"name": "CVE-2026-32161",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32161"
},
{
"name": "CVE-2026-34334",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34334"
},
{
"name": "CVE-2026-33834",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33834"
},
{
"name": "CVE-2026-34332",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34332"
},
{
"name": "CVE-2026-40413",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40413"
},
{
"name": "CVE-2026-41096",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41096"
},
{
"name": "CVE-2025-54518",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54518"
},
{
"name": "CVE-2026-34333",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34333"
},
{
"name": "CVE-2026-21530",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21530"
},
{
"name": "CVE-2026-33838",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33838"
},
{
"name": "CVE-2026-34347",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34347"
},
{
"name": "CVE-2026-34339",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34339"
},
{
"name": "CVE-2026-42825",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42825"
},
{
"name": "CVE-2026-40398",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40398"
},
{
"name": "CVE-2026-35415",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35415"
},
{
"name": "CVE-2026-33840",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33840"
},
{
"name": "CVE-2026-41088",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41088"
},
{
"name": "CVE-2026-40410",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40410"
},
{
"name": "CVE-2026-35421",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35421"
},
{
"name": "CVE-2026-40406",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40406"
},
{
"name": "CVE-2026-33841",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33841"
},
{
"name": "CVE-2026-33835",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33835"
},
{
"name": "CVE-2026-40403",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40403"
},
{
"name": "CVE-2026-40399",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40399"
},
{
"name": "CVE-2026-34350",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34350"
},
{
"name": "CVE-2026-40414",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40414"
},
{
"name": "CVE-2026-41095",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41095"
},
{
"name": "CVE-2026-33839",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33839"
},
{
"name": "CVE-2026-35416",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35416"
},
{
"name": "CVE-2026-34336",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34336"
}
],
"initial_release_date": "2026-05-13T00:00:00",
"last_revision_date": "2026-05-13T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0585",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Windows. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Windows",
"vendor_advisories": [
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40407",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40407"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-35418",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35418"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34345",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34345"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-32209",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32209"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-35422",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35422"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34330",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34330"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-32170",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32170"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34350",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34350"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40401",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40401"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-35415",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35415"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40415",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40415"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40397",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40397"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34333",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34333"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40406",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40406"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34339",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34339"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34334",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34334"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-41088",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41088"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-35419",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35419"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34332",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34332"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34351",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34351"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34329",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34329"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-42896",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42896"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-54518",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54518"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40398",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40398"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-35438",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35438"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-35421",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35421"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-33834",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33834"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-35416",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35416"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-41086",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41086"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40382",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40382"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40410",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40410"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-35433",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35433"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34338",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34338"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34342",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34342"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-32177",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32177"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-35420",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35420"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-33838",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33838"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-41089",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41089"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-33840",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33840"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40408",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40408"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-35423",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35423"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-32161",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32161"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34343",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34343"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40402",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40402"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34336",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34336"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-35424",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35424"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40405",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40405"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-42899",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42899"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40377",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40377"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-33835",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33835"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40399",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40399"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34337",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34337"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40380",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40380"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-35417",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35417"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34340",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34340"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40414",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40414"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-33839",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33839"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-41095",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41095"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-41097",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41097"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34331",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34331"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-32175",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32175"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-33841",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33841"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40369",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40369"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40403",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40403"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-41096",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41096"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34347",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34347"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40413",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40413"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-42825",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42825"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-33837",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33837"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34341",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34341"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34344",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34344"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-21530",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21530"
}
]
}
CERTFR-2026-AVI-0588
Vulnerability from certfr_avis - Published: 2026-05-13 - Updated: 2026-05-13
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (GDR) versions antérieures à 14.0.2110.2 | ||
| Microsoft | N/A | Microsoft Visual Studio 2017 version 15.9 (inclus 15.0 - 15.8) antérieures à 15.9.80 | ||
| Microsoft | N/A | Microsoft SharePoint Enterprise Server 2016 versions antérieures à 16.0.5552.1002 | ||
| Microsoft | N/A | Microsoft Dynamics 365 Business Central Release Wave 2 2025 versions antérieures à 27.6 | ||
| Microsoft | N/A | Microsoft Dynamics 365 Business Central Release Wave 1 2025 versions antérieures à 26.12 | ||
| Microsoft | N/A | Microsoft JIRA SAML SSO plugin versions antérieures à 1.3.3 | ||
| Microsoft | N/A | Microsoft Visual Studio 2026 version 18.5 antérieures à 18.5.3 | ||
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (GDR) versions antérieures à 16.0.1180.1 | ||
| Microsoft | N/A | Microsoft SharePoint Server 2019 versions antérieures à 16.0.10417.20128 | ||
| Microsoft | N/A | M365 Copilot pour Desktop versions antérieures à 19.2604.43111.0 | ||
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (CU 24) versions antérieures à 16.0.4252.3 | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (CU 32) versions antérieures à 15.0.4470.1 | ||
| Microsoft | N/A | Microsoft Data Formulator versions antérieures à 0.7 | ||
| Microsoft | N/A | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 (GDR) versions antérieures à 13.0.6490.1 | ||
| Microsoft | N/A | Microsoft Teams pour Android versions antérieures à 1.0.0.2026092103 | ||
| Microsoft | N/A | Microsoft SharePoint Server Subscription Edition versions antérieures à 16.0.19725.20280 | ||
| Microsoft | N/A | Microsoft Dynamics 365 (on-premises) version 9.1 antérieures à 9.1.44.15 | ||
| Microsoft | N/A | Microsoft SQL Server 2025 pour systèmes x64 (CU4) versions antérieures à 17.0.4040.1 | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.11 (inclus 16.0 - 16.10) antérieures à 16.11.56 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.14 antérieures à 17.14.31 | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (GDR) versions antérieures à 15.0.2170.1 | ||
| Microsoft | N/A | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 Azure Connect Feature Pack versions antérieures à 13.0.7085.1 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.12 antérieures à 17.12.20 | ||
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (CU 31) versions antérieures à 14.0.3530.2 | ||
| Microsoft | N/A | Microsoft Confluence SAML SSO plugin versions antérieures à 7.4.0 | ||
| Microsoft | N/A | Visual Studio Code - Live Preview extension versions antérieures à 0.4.19 | ||
| Microsoft | N/A | Microsoft SQL Server 2025 pour systèmes x64 (GDR) versions antérieures à 17.0.1115.1 | ||
| Microsoft | N/A | Microsoft Dynamics 365 Business Central 2026 Release Wave 1 versions antérieures à 28.1 | ||
| Microsoft | N/A | Visual Studio Code versions antérieures à 1.119.1 | ||
| Microsoft | N/A | Microsoft Dynamics 365 Business Central 2024 Release Wave 2 versions antérieures à 25.18 | ||
| Microsoft | N/A | Power Automate pour Desktop versions antérieures à 2.67 |
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 14.0.2110.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2017 version 15.9 (inclus 15.0 - 15.8) ant\u00e9rieures \u00e0 15.9.80",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Enterprise Server 2016 versions ant\u00e9rieures \u00e0 16.0.5552.1002",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 Business Central Release Wave 2 2025 versions ant\u00e9rieures \u00e0 27.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 Business Central Release Wave 1 2025 versions ant\u00e9rieures \u00e0 26.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft JIRA SAML SSO plugin versions ant\u00e9rieures \u00e0 1.3.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2026 version 18.5 ant\u00e9rieures \u00e0 18.5.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 16.0.1180.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server 2019 versions ant\u00e9rieures \u00e0 16.0.10417.20128",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "M365 Copilot pour Desktop versions ant\u00e9rieures \u00e0 19.2604.43111.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (CU 24) versions ant\u00e9rieures \u00e0 16.0.4252.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (CU 32) versions ant\u00e9rieures \u00e0 15.0.4470.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Data Formulator versions ant\u00e9rieures \u00e0 0.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 (GDR) versions ant\u00e9rieures \u00e0 13.0.6490.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Teams pour Android versions ant\u00e9rieures \u00e0 1.0.0.2026092103",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server Subscription Edition versions ant\u00e9rieures \u00e0 16.0.19725.20280",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 (on-premises) version 9.1 ant\u00e9rieures \u00e0 9.1.44.15",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2025 pour syst\u00e8mes x64 (CU4) versions ant\u00e9rieures \u00e0 17.0.4040.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.11 (inclus 16.0 - 16.10) ant\u00e9rieures \u00e0 16.11.56",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.14 ant\u00e9rieures \u00e0 17.14.31",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 15.0.2170.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 Azure Connect Feature Pack versions ant\u00e9rieures \u00e0 13.0.7085.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.12 ant\u00e9rieures \u00e0 17.12.20",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (CU 31) versions ant\u00e9rieures \u00e0 14.0.3530.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Confluence SAML SSO plugin versions ant\u00e9rieures \u00e0 7.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Visual Studio Code - Live Preview extension versions ant\u00e9rieures \u00e0 0.4.19",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2025 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 17.0.1115.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 Business Central 2026 Release Wave 1 versions ant\u00e9rieures \u00e0 28.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Visual Studio Code versions ant\u00e9rieures \u00e0 1.119.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 Business Central 2024 Release Wave 2 versions ant\u00e9rieures \u00e0 25.18",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Power Automate pour Desktop versions ant\u00e9rieures \u00e0 2.67",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-40417",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40417"
},
{
"name": "CVE-2026-42898",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42898"
},
{
"name": "CVE-2026-41612",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41612"
},
{
"name": "CVE-2026-40365",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40365"
},
{
"name": "CVE-2026-41614",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41614"
},
{
"name": "CVE-2026-41602",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41602"
},
{
"name": "CVE-2026-42833",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42833"
},
{
"name": "CVE-2026-40368",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40368"
},
{
"name": "CVE-2026-32175",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32175"
},
{
"name": "CVE-2026-33110",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33110"
},
{
"name": "CVE-2026-41613",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41613"
},
{
"name": "CVE-2026-41094",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41094"
},
{
"name": "CVE-2026-6665",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6665"
},
{
"name": "CVE-2026-40357",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40357"
},
{
"name": "CVE-2026-41603",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41603"
},
{
"name": "CVE-2026-35439",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35439"
},
{
"name": "CVE-2026-40367",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40367"
},
{
"name": "CVE-2026-6667",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6667"
},
{
"name": "CVE-2026-6664",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6664"
},
{
"name": "CVE-2026-32177",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32177"
},
{
"name": "CVE-2026-40370",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40370"
},
{
"name": "CVE-2026-41636",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41636"
},
{
"name": "CVE-2026-41109",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41109"
},
{
"name": "CVE-2026-44656",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44656"
},
{
"name": "CVE-2026-6666",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6666"
},
{
"name": "CVE-2026-41611",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41611"
},
{
"name": "CVE-2026-40374",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40374"
},
{
"name": "CVE-2026-41605",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41605"
},
{
"name": "CVE-2026-41103",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41103"
},
{
"name": "CVE-2026-33112",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33112"
},
{
"name": "CVE-2026-32185",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32185"
},
{
"name": "CVE-2026-45130",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45130"
},
{
"name": "CVE-2025-48431",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48431"
},
{
"name": "CVE-2026-41610",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41610"
}
],
"initial_release_date": "2026-05-13T00:00:00",
"last_revision_date": "2026-05-13T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0588",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-33110",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33110"
},
{
"published_at": "2026-05-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-6664",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6664"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-32185",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32185"
},
{
"published_at": "2026-04-30",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-41602",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41602"
},
{
"published_at": "2026-05-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45130",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45130"
},
{
"published_at": "2026-04-30",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-48431",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48431"
},
{
"published_at": "2026-05-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-6665",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6665"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-41103",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41103"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-35439",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35439"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-32177",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32177"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-41610",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41610"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-40417",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40417"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-42898",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42898"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-41614",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41614"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-41612",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41612"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-40374",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40374"
},
{
"published_at": "2026-04-30",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-41636",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41636"
},
{
"published_at": "2026-05-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-44656",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44656"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-32175",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32175"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-40370",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40370"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-40368",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40368"
},
{
"published_at": "2026-04-30",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-41605",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41605"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-41611",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41611"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-41109",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41109"
},
{
"published_at": "2026-05-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-6667",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6667"
},
{
"published_at": "2026-05-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-6666",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6666"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-40365",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40365"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-33112",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33112"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-40357",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40357"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-41094",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41094"
},
{
"published_at": "2026-04-30",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-41603",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41603"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-42833",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42833"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-41613",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41613"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-40367",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40367"
}
]
}
FKIE_CVE-2026-32175
Vulnerability from fkie_nvd - Published: 2026-05-12 18:16 - Updated: 2026-06-18 17:29| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32175 | Vendor Advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2026 | * | |
| microsoft | .net | * | |
| microsoft | .net | * | |
| microsoft | windows | - |
{
"affected": [
{
"affectedData": [
{
"product": ".NET 10.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.8",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"product": ".NET 8.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "8.0.27",
"status": "affected",
"version": "8.0.0",
"versionType": "custom"
}
]
},
{
"product": ".NET 9.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "9.0.16",
"status": "affected",
"version": "9.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.12.20",
"status": "affected",
"version": "17.12.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.14",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.14.32",
"status": "affected",
"version": "17.14.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2026 version 18.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.5.3",
"status": "affected",
"version": "18.5.0",
"versionType": "custom"
}
]
}
],
"source": "secure@microsoft.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84C9D69D-F0FC-465F-94B8-832EB58B6788",
"versionEndExcluding": "17.12.20",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "450E6D45-68A5-4C90-869C-20A314303B12",
"versionEndExcluding": "17.14.32",
"versionStartIncluding": "17.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6538F8A2-3412-4A67-98DC-CD3A7BC4117E",
"versionEndExcluding": "18.5.3",
"versionStartIncluding": "18.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22FEE1A6-0E92-4E1A-B3C0-AD8DF6EE7B7B",
"versionEndExcluding": "8.0.27",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F144BCB-8CEA-451A-9048-2A706EA67262",
"versionEndExcluding": "9.0.16",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories.\nTo exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system.\nThe security update fixes the vulnerability by ensuring .NET Core properly handles files."
}
],
"id": "CVE-2026-32175",
"lastModified": "2026-06-18T17:29:32.797",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "secure@microsoft.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-32175",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-12T19:22:38.751667Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-05-12T18:16:58.737",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32175"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-36"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-RG75-Q538-X34V
Vulnerability from github – Published: 2026-05-18 19:08 – Updated: 2026-05-18 19:08Executive Summary:
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories.
To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system.
The security update fixes the vulnerability by ensuring .NET Core properly handles files.
Announcement
Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/396
CVSS Details
- Version: 3.1
- Severity:
- Score: 4.3
- Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
- Weakness: CWE-36: Absolute Path Traversal
Affected Platforms
- Platforms: Windows
- Architectures: All
Affected Packages
The vulnerability affects any Microsoft .NET project if it uses any of affected package versions listed below
.NET 10
| Package name | Affected version | Patched version |
|---|---|---|
| Microsoft.NetCore.App.Runtime.win-arm | >= 10.0.0, <= 10.0.7 | 10.0.8 |
| Microsoft.NetCore.App.Runtime.win-arm64 | >= 10.0.0, <= 10.0.7 | 10.0.8 |
| Microsoft.NetCore.App.Runtime.win-x64 | >= 10.0.0, <= 10.0.7 | 10.0.8 |
| Microsoft.NetCore.App.Runtime.win-x86 | >= 10.0.0, <= 10.0.7 | 10.0.8 |
.NET 9
| Package name | Affected version | Patched version |
|---|---|---|
| Microsoft.NetCore.App.Runtime.win-arm | >= 9.0.0, <= 9.0.15 | 9.0.16 |
| Microsoft.NetCore.App.Runtime.win-arm64 | >= 9.0.0, <= 9.0.15 | 9.0.16 |
| Microsoft.NetCore.App.Runtime.win-x64 | >= 9.0.0, <= 9.0.15 | 9.0.16 |
| Microsoft.NetCore.App.Runtime.win-x86 | >= 9.0.0, <= 9.0.15 | 9.0.16 |
.NET 8
| Package name | Affected version | Patched version |
|---|---|---|
| Microsoft.NetCore.App.Runtime.win-arm | >= 8.0.0, <= 8.0.26 | 8.0.27 |
| Microsoft.NetCore.App.Runtime.win-arm64 | >= 8.0.0, <= 8.0.26 | 8.0.27 |
| Microsoft.NetCore.App.Runtime.win-x64 | >= 8.0.0, <= 8.0.26 | 8.0.27 |
| Microsoft.NetCore.App.Runtime.win-x86 | >= 8.0.0, <= 8.0.26 | 8.0.27 |
Advisory FAQ
How do I know if I am affected?
If using a package listed in affected packages, a developer's application is exposed to the vulnerability.
How do I fix the issue?
- To fix the issue please install the latest version of .NET 8.0, NET 9.0, or .NET 10.0, as appropriate. If developers have installed one or more .NET SDKs through Visual Studio, Visual Studio will prompt them to update Visual Studio, which will also update their .NET SDKs.
- If a developer's application references the vulnerable package, update the package reference to the patched version. Developers can list the versions they have installed by running the
dotnet --infocommand.
Once developers have installed the updated runtime or SDK, they can restart their apps for the update to take effect.
Additionally, if they've deployed self-contained applications targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed.
Other Information
Reporting Security Issues
If someone has found a potential security issue in a supported version of .NET, please report it to the Microsoft Security Response Center (MSRC) via the MSRC Researcher Portal. Further information can be found in the MSRC Report an Issue FAQ.
Security reports made through MSRC may qualify for the Microsoft .NET Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at https://aka.ms/corebounty.
Support
Questions about this issue can be directed to the .NET GitHub organization. The main repos are located at https://github.com/dotnet/runtime. The Announcements repo (https://github.com/dotnet/Announcements) will contain this bulletin as an issue and will include a link to a discussion issue. Questions should be submitted to the linked discussion issue.
Disclaimer
The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
External Links
Revisions
V1.0 (May 12, 2026): Advisory published.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 8.0.26"
},
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NetCore.App.Runtime.win-arm"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.27"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 9.0.15"
},
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NetCore.App.Runtime.win-arm"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0"
},
{
"fixed": "9.0.16"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 10.0.7"
},
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NetCore.App.Runtime.win-arm"
},
"ranges": [
{
"events": [
{
"introduced": "10.0.0"
},
{
"fixed": "10.0.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 8.0.26"
},
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NetCore.App.Runtime.win-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.27"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 9.0.15"
},
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NetCore.App.Runtime.win-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0"
},
{
"fixed": "9.0.16"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 10.0.7"
},
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NetCore.App.Runtime.win-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "10.0.0"
},
{
"fixed": "10.0.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 8.0.26"
},
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NetCore.App.Runtime.win-x64"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.27"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 9.0.15"
},
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NetCore.App.Runtime.win-x64"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0"
},
{
"fixed": "9.0.16"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 10.0.7"
},
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NetCore.App.Runtime.win-x64"
},
"ranges": [
{
"events": [
{
"introduced": "10.0.0"
},
{
"fixed": "10.0.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 8.0.26"
},
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NetCore.App.Runtime.win-x86"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.27"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 9.0.15"
},
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NetCore.App.Runtime.win-x86"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0"
},
{
"fixed": "9.0.16"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 10.0.7"
},
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NetCore.App.Runtime.win-x86"
},
"ranges": [
{
"events": [
{
"introduced": "10.0.0"
},
{
"fixed": "10.0.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-32175"
],
"database_specific": {
"cwe_ids": [
"CWE-36"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-18T19:08:00Z",
"nvd_published_at": "2026-05-12T18:16:58Z",
"severity": "HIGH"
},
"details": "## Executive Summary: \n\nMicrosoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. \n\nA tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. \n\nTo exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system. \n\nThe security update fixes the vulnerability by ensuring .NET Core properly handles files. \n\n## Announcement\n\nAnnouncement for this issue can be found at https://github.com/dotnet/announcements/issues/396\n\n## CVSS Details\n\n- **Version:** 3.1\n- **Severity:** \n- **Score:** 4.3\n- **Vector:** /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\n- **Weakness:** CWE-36: Absolute Path Traversal\n\n## Affected Platforms\n\n- **Platforms:** Windows\n- **Architectures:** All\n\n## \u003ca name=\"affected-packages\"\u003e\u003c/a\u003eAffected Packages\nThe vulnerability affects any Microsoft .NET project if it uses any of affected package versions listed below\n\n### \u003ca name=\".NET 10\"\u003e\u003c/a\u003e.NET 10\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[Microsoft.NetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.win-arm) | \u003e= 10.0.0, \u003c= 10.0.7 | 10.0.8\n[Microsoft.NetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.win-arm64) | \u003e= 10.0.0, \u003c= 10.0.7 | 10.0.8\n[Microsoft.NetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.win-x64) | \u003e= 10.0.0, \u003c= 10.0.7 | 10.0.8\n[Microsoft.NetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.win-x86) | \u003e= 10.0.0, \u003c= 10.0.7 | 10.0.8\n\n### \u003ca name=\".NET 9\"\u003e\u003c/a\u003e.NET 9\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[Microsoft.NetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.win-arm) | \u003e= 9.0.0, \u003c= 9.0.15 | 9.0.16\n[Microsoft.NetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.win-arm64) | \u003e= 9.0.0, \u003c= 9.0.15 | 9.0.16\n[Microsoft.NetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.win-x64) | \u003e= 9.0.0, \u003c= 9.0.15 | 9.0.16\n[Microsoft.NetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.win-x86) | \u003e= 9.0.0, \u003c= 9.0.15 | 9.0.16\n\n### \u003ca name=\".NET 8\"\u003e\u003c/a\u003e.NET 8\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[Microsoft.NetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.win-arm) | \u003e= 8.0.0, \u003c= 8.0.26 | 8.0.27\n[Microsoft.NetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.win-arm64) | \u003e= 8.0.0, \u003c= 8.0.26 | 8.0.27\n[Microsoft.NetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.win-x64) | \u003e= 8.0.0, \u003c= 8.0.26 | 8.0.27\n[Microsoft.NetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.NetCore.App.Runtime.win-x86) | \u003e= 8.0.0, \u003c= 8.0.26 | 8.0.27\n\n\n## Advisory FAQ\n\n### \u003ca name=\"how-affected\"\u003e\u003c/a\u003eHow do I know if I am affected?\n\nIf using a package listed in [affected packages](#affected-packages), a developer\u0027s application is exposed to the vulnerability.\n\n### \u003ca name=\"how-fix\"\u003e\u003c/a\u003eHow do I fix the issue?\n\n1. To fix the issue please install the latest version of .NET 8.0, NET 9.0, or .NET 10.0, as appropriate. If developers have installed one or more .NET SDKs through Visual Studio, Visual Studio will prompt them to update Visual Studio, which will also update their .NET SDKs.\n2. If a developer\u0027s application references the vulnerable package, update the package reference to the patched version. Developers can list the versions they have installed by running the `dotnet --info` command. \n\nOnce developers have installed the updated runtime or SDK, they can restart their apps for the update to take effect.\n\nAdditionally, if they\u0027ve deployed [self-contained applications](https://docs.microsoft.com/dotnet/core/deploying/#self-contained-deployments-scd) targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed.\n\n## Other Information\n\n### Reporting Security Issues\n\nIf someone has found a potential security issue in a supported version of .NET, please report it to the Microsoft Security Response Center (MSRC) via the [MSRC Researcher Portal](https://msrc.microsoft.com/report/vulnerability/new). Further information can be found in the MSRC [Report an Issue FAQ](https://www.microsoft.com/msrc/faqs-report-an-issue).\n\nSecurity reports made through MSRC may qualify for the Microsoft .NET Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at https://aka.ms/corebounty.\n\n### Support\n\nQuestions about this issue can be directed to the .NET GitHub organization. The main repos are located at https://github.com/dotnet/runtime. The Announcements repo (https://github.com/dotnet/Announcements) will contain this bulletin as an issue and will include a link to a discussion issue. Questions should be submitted to the linked discussion issue.\n\n### Disclaimer\n\nThe information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\n\n### External Links\n\n[CVE-2026-32175]( https://www.cve.org/CVERecord?id=CVE-2026-32175)\n\n### Revisions\n\nV1.0 (May 12, 2026): Advisory published.",
"id": "GHSA-rg75-q538-x34v",
"modified": "2026-05-18T19:08:00Z",
"published": "2026-05-18T19:08:00Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/dotnet/runtime/security/advisories/GHSA-rg75-q538-x34v"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32175"
},
{
"type": "WEB",
"url": "https://github.com/dotnet/announcements/issues/396"
},
{
"type": "PACKAGE",
"url": "https://github.com/dotnet/runtime"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32175"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Microsoft Security Advisory CVE-2026-32175 \u2013 .NET Core Tampering Vulnerability"
}
bit-dotnet-2026-32175
Vulnerability from bitnami_vulndb
A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system. The security update fixes the vulnerability by ensuring .NET Core properly handles files.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "dotnet",
"purl": "pkg:bitnami/dotnet"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.27"
},
{
"introduced": "9.0.0"
},
{
"fixed": "9.0.16"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2026-32175"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*"
],
"severity": "Medium"
},
"details": "A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories.\nTo exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system.\nThe security update fixes the vulnerability by ensuring .NET Core properly handles files.",
"id": "BIT-dotnet-2026-32175",
"modified": "2026-06-22T06:07:36.958Z",
"published": "2026-06-22T05:39:31.093Z",
"references": [
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32175"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32175"
}
],
"schema_version": "1.6.2",
"summary": ".NET Core Tampering Vulnerability"
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.