CVE-2026-50528 - .NET Security Feature Bypass Vulnerability - is an incorrect authorization issue in .NET that can allow authentication bypass and impersonation. Microsoft rates it as High severity with a CVSS v3.1 base score of 8.2 and temporal score of 7.1; the vector is network-based, with low attack complexity, no privileges required, no user interaction, and unchanged scope. Microsoft says it is not publicly disclosed, not exploited, and exploit code maturity is unproven. Customer action is required. Because the attack is remote and requires no authentication or user interaction, it is relevant for enterprise environments where exposed .NET services are reachable over the network. Highlights: - CVSS scores: Base 8.2 - Temporal 7.1 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Security Feature Bypass; FAQ indicates authentication can be bypassed and the issue allows impersonation. CVSS impacts are Confidentiality Low, Integrity High, Availability None. - Exploitation likelihood: Exploitation Less Likely; network vector, low attack complexity, no privileges required, and no user interaction. - Severity for enterprise: High technical severity due to a remote, unauthenticated attack path and High integrity impact; risk is higher for internet-exposed .NET services. - Patch status: available Affected systems: - No products listed in the source data.