VDB
GHSA-w3x6-4m5h-cxqf
GHSA-w3x6-4m5h-cxqf
PUBLISHED
CVSS 7.5 HIGH
Microsoft Security Advisory CVE-2026-26171 – .NET Denial of Service Vulnerability
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| NuGet | System.Security.Cryptography.Xml | 9.0.0, 8.0.0, 10.0.0 |
Timeline
- Apr 14, 2026 CVE Published
- Apr 15, 2026 Security Advisory
- May 8, 2026 CVE Updated
References
- https://github.com/dotnet/runtime/security/advisories/GHSA-w3x6-4m5h-cxqf url
- https://nvd.nist.gov/vuln/detail/CVE-2026-26171 advisory
- https://github.com/dotnet/announcements/issues/389 url
- https://github.com/dotnet/runtime package
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26171 url