HIGHCVE-2026-23666Published Modified CNA microsoft
CVE-2026-23666: .NET Framework Denial of Service Vulnerability
Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network.
Metrics
- CVSS v3.1
- 7.5
- Severity
- HIGH
- Fixed in
- 2.0.50727.8982 & 3.0.30729.8976
- Affected Products
- 6
Fix available
2.0.50727.8982 & 3.0.30729.89762.0.50727.9068 & 3.0.30729.9065 & 4.7.4141.02.0.50727.9068 & 3.0.30729.9065 & 4.8.4801.02.0.50727.9181 & 3.0.30729.9165 & 4.8.9332.04.8.4801.0
Patch commits
Affected packages
- Microsoft / Microsoft .NET Framework 3.5< 2.0.50727.8982 & 3.0.30729.8976 (from 3.5.0)
- Microsoft / Microsoft .NET Framework 3.5 AND 4.7.2< 2.0.50727.9068 & 3.0.30729.9065 & 4.7.4141.0 (from 4.7.0)
- Microsoft / Microsoft .NET Framework 3.5 AND 4.8< 2.0.50727.9068 & 3.0.30729.9065 & 4.8.4801.0 (from 4.8.0)
- Microsoft / Microsoft .NET Framework 3.5 AND 4.8.1< 2.0.50727.9181 & 3.0.30729.9165 & 4.8.9332.0 (from 4.8.1)
- Microsoft / Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2< 4.8.4801.0 (from 4.7.0)
- Microsoft / Microsoft .NET Framework 4.8< 4.8.4801.0 (from 4.8.0)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C