CVE-2026-32178

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions .NET versions 8.0.0 through 8.0.25 .NET versions 9.0.0 through 9.0.14 .NET versions 10.0.0 through 10.0.5

Description Improper neutralization of special elements in System.Net.Mail allows an unauthorized attacker to perform a spoofing attack over a network by using specially crafted data.

Recommendations Update .NET 8.0 to version 8.0.26. Update .NET 9.0 to version 9.0.15. Update .NET 10.0 to version 10.0.6.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-138

Related Identifiers

ALSA-2026:8468

ALSA-2026:8469

ALSA-2026:8470

ALSA-2026:8472

ALSA-2026:8473

ALSA-2026:8475

BDU:2026-05457

BIT-DOTNET-2026-32178

BIT-DOTNET-SDK-2026-32178

CVE-2026-32178

GHSA-VMWF-M9C5-3JVC

RHSA-2026:13693

RHSA-2026:8467

RHSA-2026:8468

RHSA-2026:8469

RHSA-2026:8470

RHSA-2026:8471

RHSA-2026:8472

RHSA-2026:8473

RHSA-2026:8474

RHSA-2026:8475

RHSA-2026:9077

RHSA-2026:9080

RHSA-2026:9205

USN-8176-1

USN-8216-1

Affected Products

.Net Framework

Linuxmint

Rocky Linux

Ubuntu

CVE-2026-32178

Weakness Enumeration

Related Identifiers

Affected Products

References · 66