High Severity Vulnerability
This vulnerability has been rated as High severity. Immediate action is recommended.
CVE-2026-32178
HighVulnerability Description
Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2026-32178
CVE-2026-32178
RHSA-2026:8467
RHSA-2026:8467: dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw
RHSA-2026:8470
RHSA-2026:8470: dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw
RHSA-2026:8472
RHSA-2026:8472: dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw
RHSA-2026:8468
RHSA-2026:8468: dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw
RHSA-2026:8475
RHSA-2026:8475: dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw
RHSA-2026:8469
RHSA-2026:8469: dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw
RHSA-2026:8471
RHSA-2026:8471: dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw
RHSA-2026:8474
RHSA-2026:8474: dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw
RHSA-2026:8473
RHSA-2026:8473: dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw
References & Resources
Severity Details
Weakness Type (CWE)
Improper Neutralization of Special Elements
- Description
- The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as control elements or syntactic markers when they are sent to a downstream component.
- Typical Severity
- High
- Abstraction Level
- Class
Key Information
- Published Date
- April 14, 2026
