Back to overview

CVE-2026-50650

HIGH
7.8
CVSS 3.1

Metadata

CVE ID
CVE-2026-50650
State
PUBLISHED
Assigner
microsoft
Reserved
2026-06-05 14:33 UTC
Published
2026-07-14 19:29 UTC
Last updated
2026-07-14 19:40 UTC
Primary CWE
CWE-94
CWE-94: Improper Control of Generation of Code ('Code Inject…
Vendor / Product
Microsoft / .NET 8.0
Sources
cve.org  ·  NVD

Severity & Metrics

7.8 HIGH CVSS 3.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Affected products (11)
VendorProductPlatformVersions
Microsoft .NET 8.0 8.0.0 < 8.0.29
Microsoft .NET 9.0 9.0.0 < 9.0.18
Microsoft Microsoft .NET Framework 3.5 Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation) 3.5.0 < 2.0.50727.8983 & 3.0.30729.8978
Microsoft Microsoft .NET Framework 3.5 AND 4.7.2 Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Se 4.7.0 < 2.0.50727.9069 & 3.0.30729.9067 & 4.7.4143.0
Microsoft Microsoft .NET Framework 3.5 AND 4.8 Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 10 Version 22H2 for 3 4.8.0 < 2.0.50727.9069 & 3.0.30729.9067 & 4.8.4803.0
Microsoft Microsoft .NET Framework 3.5 AND 4.8.1 Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 4.8.1 < 2.0.50727.9182 & 3.0.30729.9168 & 4.8.9339.0
Microsoft Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation) 4.7.0 < 4.7.4143.0
Microsoft Microsoft .NET Framework 4.8 Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation),Windows Server 2016,Window 4.8.0 < 4.8.4803.0
Microsoft Microsoft Visual Studio 2022 version 17.12 17.12.0 < 17.12.22
Microsoft Microsoft Visual Studio 2022 version 17.14 17.14.0 < 17.14.36
Microsoft Microsoft Visual Studio 2026 version 18.7 18.0 < 18.7.4
Weakness (CWE)
CWESourceDescription
CWE-94 cna CWE-94: Improper Control of Generation of Code ('Code Injection')
CVSS scores (1)
ScoreSeverityVersionSourceVector
7.8 HIGH 3.1 cna CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
References (1)
Back to overview