Live Exposure Defense: From CVE to Confirmed Exposure in 12 Hours – See more

New CVE Detected

CVE-2026-50528 – Authorization Bypass (Security Feature Bypass) – Microsoft .NET 8 / 9 / 10 (SslS…

Be the first to know when new zero-days emerge:

Summary

CVE-2026-50528 is a Security Feature Bypass vulnerability (CWE-863: Incorrect Authorization) in the SslStream TLS/SSL implementation of Microsoft .NET, affecting .NET 8, .NET 9, and .NET 10. An unauthenticated remote attacker can exploit this flaw to bypass authorization checks performed during encrypted TLS communications, resulting in a high integrity impact. With a CVSS v3.1 base score of 8.2 (High), this vulnerability was patched by Microsoft on July 14, 2026 as part of the July 2026 Patch Tuesday release.

Technical details

  • Root cause: Incorrect authorization handling in the SslStream implementation (System.Net.Security) allows authorization logic to be bypassed during TLS/SSL connection processing.
  • Trigger conditions: The vulnerability can be triggered remotely by an unauthenticated attacker over the network with no user interaction required (AV:N/AC:L/PR:N/UI:N).
  • Attack vector: Network-accessible; targets any internet-facing application built on vulnerable .NET runtime versions that processes TLS connections via SslStream.
  • Impact: An attacker who successfully exploits this vulnerability can bypass security authorization controls, leading to unauthorized modification or access to data (Integrity: High, Confidentiality: Low, Availability: None). Self-contained deployments must be recompiled and redeployed against a patched runtime to be fully remediated.

Affected software

  • .NET 8.0: versions 8.0.0 through 8.0.28
  • .NET 9.0: versions 9.0.0 through 9.0.17
  • .NET 10.0: versions 10.0.0 through 10.0.9
  • Visual Studio 2022 and Visual Studio 2026: versions bundling the above affected .NET runtimes

Severity

CVSS v3.1 Base Score: 8.2 (High)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

Mitigation and recommended actions

  • Immediate – apply patches: Upgrade to the following fixed .NET runtime versions released July 14, 2026:
    • .NET 8.0 → 8.0.29
    • .NET 9.0 → 9.0.18
    • .NET 10.0 → 10.0.10
  • Applications using framework-dependent deployments should update their .NET runtime installation and restart affected services.
  • Applications built as self-contained deployments must be recompiled against the patched SDK and redeployed.
  • Visual Studio users should apply the corresponding Visual Studio 2022 / 2026 updates that bundle the fixed .NET SDK versions.
  • No workarounds have been published by Microsoft; patching is the only confirmed remediation.

IONIX Status

The IONIX research team is tracking ongoing exploitation attempts and recommends immediate patching. Potentially affected assets are outlined in this post.

References

Are you exposed?

Get a free report of your organization’s exposure to this CVE and threat

How IONIX’s External Exposure Management Platform Detects and Validates
Zero-Days to Shrink MTTR

1

Map your entire attack surface (continously)

IONIX uses multi-factor discovery methods, including DNS analysis, certificate mapping, metadata inspection, and more, to automatically map every internet-facing asset across your environment. This includes cloud instances, third-party platforms, shadow IT, and even forgotten infrastructure that traditional tools miss.

2

Monitor for new CVEs

Dozens of threat intel feeds using agentic technology are continuously analyzed to detect the appearance of proof-of-concept code, exploit kits, and indicators of active targeting. IONIX goes further by applying AI to proactively evaluate whether emerging vulnerabilities are likely to be exploited, even before PoCs go public.

3

Identify Potential External Exposures

Not all CVEs matter. IONIX filters vulnerabilities by asking attacker-centric questions: Can it be reached from the internet? Does it require authentication? Is it being exploited in the wild? This dramatically reduces noise and focuses teams on threats that can actually be weaponized.

4

Create Safe, Scalable Exploit Validations

IONIX transforms real-world PoCs into safe, non-intrusive test payloads that can be run in production environments without disruption. These simulations are precisely targeted to the systems that are vulnerable, ensuring rapid validation without unnecessary load.

5

Execute Exploit Validations

By combining context about software stack, versioning, exposure status, and reachability, IONIX ensures that only the right payloads are executed against the right assets, maximizing efficiency and minimizing risk.

6

Drive Fast and Actionable Remediation

Results are routed through integrations with ticketing, SOAR, and SIEM tools. Issues are written in plain language, bundled into remediation clusters, and prioritized based on asset criticality, exploitability, and blast radius. This shortens mean time to remediation (MTTR) and empowers teams to act with confidence.

Are you exposed?

Get a free report of your organization’s exposure to this CVE and threat

Subscribe to Threat Center RSS

Copy/paste the link below into your preferred RSS reader or follow these instructions to subscribe to Slack alerts.

Get Real-Time CVE Alerts to Your Email

Be the first to know when new zero-days emerge