Deserialization of untrusted data in .NET allows an unauthorized attacker to execute code locally.
History

Sat, 18 Jul 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat hummingbird
CPEs cpe:/a:redhat:hummingbird:1
Vendors & Products Redhat
Redhat hummingbird
References
Metrics threat_severity

None

threat_severity

Important


Wed, 15 Jul 2026 22:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
Vendors & Products Microsoft visual Studio 2022

Wed, 15 Jul 2026 11:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 14 Jul 2026 19:45:00 +0000

Type Values Removed Values Added
Description Deserialization of untrusted data in .NET allows an unauthorized attacker to execute code locally.
Title .NET Remote Code Execution Vulnerability
First Time appeared Microsoft
Microsoft .net
Microsoft visual Studio 2022
Microsoft visual Studio 2026
Weaknesses CWE-502
CPEs cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft .net
Microsoft visual Studio 2022
Microsoft visual Studio 2026
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}


cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2026-07-14T19:29:57.970Z

Updated: 2026-07-17T21:31:53.588Z

Reserved: 2026-06-05T14:33:50.830Z

Link: CVE-2026-50649

cve-icon Vulnrichment

Updated: 2026-07-15T11:00:39.975Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Important

Publid Date: 2026-07-14T19:29:57Z

Links: CVE-2026-50649 - Bugzilla