Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

GHSA-gvvw-8j96-8g5r | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceGHSA-gvvw-8j96-8g5r

GHSA-gvvw-8j96-8g5r

CRITICAL9.8

MsQuic has a Remote Elevation of Privilege Vulnerability

Published Apr 16, 2026

Modified 1 weeks ago

Fix available

Details

Summary

Improper input validation in Microsoft QUIC allows an unauthorized attacker to elevate privileges over a network.

Details

Improper Input Validation Integer Underflow (Wrap or Wraparound) when decoding ACK frame.

Patches

Fix underflow in ACK frame parsing - 1e6e999b

Impact

An attacker who successfully exploited this vulnerability could gain elevated privileges.

MSRC CVE Info

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32179

Affected Packages

Microsoft.Native.Quic.MsQuic.OpenSSL

NuGet

Fixed in:

2.4.18

Microsoft.Native.Quic.MsQuic.OpenSSL

NuGet

Fixed in:

2.5.7

Microsoft.Native.Quic.MsQuic.Schannel

NuGet

Fixed in:

2.4.18

Microsoft.Native.Quic.MsQuic.Schannel

NuGet

Fixed in:

2.5.7

References

ADVISORY

https://github.com/advisories/GHSA-gvvw-8j96-8g5r

PACKAGE

https://github.com/microsoft/msquic

WEB

https://github.com/microsoft/msquic/commit/1e6e999b199430effeefee3d85baa0c9dd35ad5e

WEB

https://github.com/microsoft/msquic/security/advisories/GHSA-gvvw-8j96-8g5r

Aliases

CVE-2026-32179

CVSS Analysis

CVSS v3.1

9.8

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

9.8/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2026-32179

Ecosystems

NuGet

Timeline

PublishedApr 16, 2026

ModifiedApr 16, 2026