2476651 – (CVE-2026-32175) CVE-2026-32175 dotnet: .NET: improper handling of files allows an attacker to write to certain locations

Bug 2476651 (CVE-2026-32175) - CVE-2026-32175 dotnet: .NET: improper handling of files allows an attacker to write to certain locations

Summary: CVE-2026-32175 dotnet: .NET: improper handling of files allows an attacker to...

Keywords:
Status:	NEW
Alias:	CVE-2026-32175
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-05-12 18:05 UTC by OSIDB Bzimport
Modified:	2026-05-27 16:23 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-05-12 18:05:18 UTC

A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories.
To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system.
The security update fixes the vulnerability by ensuring .NET Core properly handles files.

Note You need to log in before you can comment on or make changes to this bug.