CVE-2026-26171 — Vulnetix

CVE-2026-26171 PUBLISHED CVSS 7.5 HIGH

Microsoft Security Advisory CVE-2026-26171 – .NET Denial of Service Vulnerability

EPSS 3.08% · 87.0th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

EPSS Score

3.08%

87.0th percentile

Affected Products

Vendor	Product	Versions
microsoft	.net	8.0.0, 10.0.0, 9.0.0
Microsoft	.NET 10.0	10.0.0
Microsoft	.NET 9.0	9.0.0
NuGet	System.Security.Cryptography.Xml	8.0.0, 9.0.0, 10.0.0
Microsoft	.NET 8.0	8.0.0

Timeline

Apr 14, 2026 CVE Published
Apr 14, 2026 PoC Published
Apr 14, 2026 PoC Published
Apr 15, 2026 Security Advisory
Apr 15, 2026 Security Advisory
Apr 16, 2026 Distribution Patch
Apr 16, 2026 Security Advisory
Apr 16, 2026 Distribution Patch
Apr 16, 2026 Security Advisory
Apr 16, 2026 Distribution Patch
Apr 16, 2026 Security Advisory
Apr 16, 2026 Distribution Patch

References

.NET Denial of Service Vulnerability vendor-advisory
https://github.com/dotnet/runtime/security/advisories/GHSA-w3x6-4m5h-cxqf url
https://nvd.nist.gov/vuln/detail/CVE-2026-26171 advisory
https://github.com/dotnet/runtime package

Open in Interactive Console →

$ Console Community · 100/wk Open console ›