CVE-2026-32202
Published: April 19, 2026Last modified: May 4, 2026
Description
Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 4.3 |
| Attack Vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality | LOW |
| Integrity impact | NONE |
| Availability impact | NONE |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 25 LTS | dotnet8-runtime | Fixed (8.0.26-r0) |
| Stream | dotnet8-runtime | Fixed (8.0.26-r0) |
References
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32202
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32202
- https://www.vicarius.io/vsociety/posts/cve-2026-32202-detection-script-spoofing-vulnerability-in-windows-shell
- https://www.vicarius.io/vsociety/posts/cve-2026-32202-mitigation-script-spoofing-vulnerability-in-windows-shell