{ "threat_severity" : "Moderate", "public_date" : "2026-05-12T16:59:01Z", "bugzilla" : { "description" : "dotnet: .NET: improper handling of files allows an attacker to write to certain locations", "id" : "2476651", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2476651" }, "cvss3" : { "cvss3_base_score" : "4.3", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "status" : "draft" }, "cwe" : "CWE-36", "details" : [ "A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories.\nTo exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system.\nThe security update fixes the vulnerability by ensuring .NET Core properly handles files.", "A flaw was found in dotnet. Improper handling of specially crafted files can cause a path traversal vulnerability in .NET Core, allowing an attacker who can send a malicious file to a vulnerable system to write to arbitrary files and directories in certain locations." ], "statement" : "This vulnerability can be exploited by an attacker who can send specially crafted files to a vulnerable system. However, the attacker has limited control over the destination of the files and directories that can be accessed, limiting the impact of this flaw. Due to these reasons, this issue has been rated with a moderate severity.\nThis vulnerability affects .NET running on Windows systems. Therefore, Red Hat products are not affected by this issue.", "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "dotnet10.0", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "dotnet8.0", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "dotnet9.0", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "dotnet10.0", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "dotnet8.0", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "dotnet9.0", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "dotnet10.0", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "dotnet8.0", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "dotnet9.0", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Hardened Images", "fix_state" : "Not affected", "package_name" : "dotnet10.0", "cpe" : "cpe:/a:redhat:hummingbird:1" }, { "product_name" : "Red Hat Hardened Images", "fix_state" : "Not affected", "package_name" : "dotnet8.0", "cpe" : "cpe:/a:redhat:hummingbird:1" }, { "product_name" : "Red Hat Hardened Images", "fix_state" : "Not affected", "package_name" : "dotnet9.0", "cpe" : "cpe:/a:redhat:hummingbird:1" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-32175\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-32175\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32175" ], "name" : "CVE-2026-32175", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }