CVE-2026-32203
Published: 14 April 2026
Summary
CVE-2026-32203 is a high-severity Improper Input Validation (CWE-20) vulnerability in Microsoft .Net. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 49.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2026-32203 is a stack-based buffer overflow vulnerability affecting .NET and Visual Studio. Published on 2026-04-14T18:17:27.700, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and maps to CWE-20 (Improper Input Validation) and CWE-121 (Stack-based Buffer Overflow).
An unauthorized attacker can exploit this vulnerability remotely over a network with low attack complexity, requiring no privileges or user interaction. Successful exploitation leads to denial of service with high availability impact, but no compromise of confidentiality or integrity.
The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32203 provides details on patches and mitigation guidance.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-22591
Vulnerability details
Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote stack buffer overflow (CWE-121) with AV:N and A:H impact directly enables T1499.004 Application or System Exploitation to crash the .NET/Visual Studio process or service.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Timely flaw remediation through patching directly addresses and eliminates the stack-based buffer overflow vulnerability as advised by Microsoft Security Response Center.
Information input validation at network interfaces prevents exploitation of improper input handling leading to stack-based buffer overflows.
Memory protection safeguards such as stack canaries and DEP prevent unauthorized code execution from stack-based buffer overflows causing denial of service.