vulnerability
Red Hat: CVE-2026-32178: dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:C/I:N/A:N) | Apr 14, 2026 | Apr 17, 2026 | Apr 17, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published
Apr 14, 2026
Added
Apr 17, 2026
Modified
Apr 17, 2026
Description
A flaw was found in dotnet. A remote attacker could exploit a parsing flaw in the System.Net.Mail component, specifically within the MailAddress functionality. This vulnerability allows for SMTP (Simple Mail Transfer Protocol) Command Injection and Header Injection. Successful exploitation could lead to the disclosure of sensitive information.
Solutions
redhat-upgrade-aspnetcore-runtime-10-0redhat-upgrade-aspnetcore-runtime-8-0redhat-upgrade-aspnetcore-runtime-9-0redhat-upgrade-aspnetcore-runtime-dbg-10-0redhat-upgrade-aspnetcore-runtime-dbg-8-0redhat-upgrade-aspnetcore-runtime-dbg-9-0redhat-upgrade-aspnetcore-targeting-pack-10-0redhat-upgrade-aspnetcore-targeting-pack-8-0redhat-upgrade-aspnetcore-targeting-pack-9-0redhat-upgrade-dotnet-apphost-pack-10-0redhat-upgrade-dotnet-apphost-pack-10-0-debuginforedhat-upgrade-dotnet-apphost-pack-8-0redhat-upgrade-dotnet-apphost-pack-8-0-debuginforedhat-upgrade-dotnet-apphost-pack-9-0redhat-upgrade-dotnet-apphost-pack-9-0-debuginforedhat-upgrade-dotnet-hostredhat-upgrade-dotnet-host-debuginforedhat-upgrade-dotnet-hostfxr-10-0redhat-upgrade-dotnet-hostfxr-10-0-debuginforedhat-upgrade-dotnet-hostfxr-8-0redhat-upgrade-dotnet-hostfxr-8-0-debuginforedhat-upgrade-dotnet-hostfxr-9-0redhat-upgrade-dotnet-hostfxr-9-0-debuginforedhat-upgrade-dotnet-runtime-10-0redhat-upgrade-dotnet-runtime-10-0-debuginforedhat-upgrade-dotnet-runtime-8-0redhat-upgrade-dotnet-runtime-8-0-debuginforedhat-upgrade-dotnet-runtime-9-0redhat-upgrade-dotnet-runtime-9-0-debuginforedhat-upgrade-dotnet-runtime-dbg-10-0redhat-upgrade-dotnet-runtime-dbg-8-0redhat-upgrade-dotnet-runtime-dbg-9-0redhat-upgrade-dotnet-sdk-10-0redhat-upgrade-dotnet-sdk-10-0-debuginforedhat-upgrade-dotnet-sdk-10-0-source-built-artifactsredhat-upgrade-dotnet-sdk-8-0redhat-upgrade-dotnet-sdk-8-0-debuginforedhat-upgrade-dotnet-sdk-8-0-source-built-artifactsredhat-upgrade-dotnet-sdk-9-0redhat-upgrade-dotnet-sdk-9-0-debuginforedhat-upgrade-dotnet-sdk-9-0-source-built-artifactsredhat-upgrade-dotnet-sdk-aot-10-0redhat-upgrade-dotnet-sdk-aot-10-0-debuginforedhat-upgrade-dotnet-sdk-aot-9-0redhat-upgrade-dotnet-sdk-aot-9-0-debuginforedhat-upgrade-dotnet-sdk-dbg-10-0redhat-upgrade-dotnet-sdk-dbg-8-0redhat-upgrade-dotnet-sdk-dbg-9-0redhat-upgrade-dotnet-targeting-pack-10-0redhat-upgrade-dotnet-targeting-pack-8-0redhat-upgrade-dotnet-targeting-pack-9-0redhat-upgrade-dotnet-templates-10-0redhat-upgrade-dotnet-templates-8-0redhat-upgrade-dotnet-templates-9-0redhat-upgrade-dotnet10-0-debuginforedhat-upgrade-dotnet10-0-debugsourceredhat-upgrade-dotnet8-0-debuginforedhat-upgrade-dotnet8-0-debugsourceredhat-upgrade-dotnet9-0-debuginforedhat-upgrade-dotnet9-0-debugsourceredhat-upgrade-netstandard-targeting-pack-2-1
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.