HIGHCVE-2026-33116Published Modified CNA microsoft
CVE-2026-33116: .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.
Metrics
- CVSS v3.1
- 7.5
- Severity
- HIGH
- Fixed in
- 2.0.50727.8982 & 3.0.30729.8976
- Affected Products
- 10
Fix available
2.0.50727.8982 & 3.0.30729.89762.0.50727.9068 & 3.0.30729.9065 & 4.7.4141.02.0.50727.9068 & 3.0.30729.9065 & 4.8.4801.02.0.50727.9181 & 3.0.30729.9165 & 4.8.9332.04.8.4801.08.0.269.0.1510.0.6
Affected packages
- Microsoft / .NET 10.0< 10.0.6 (from 10.0.0)
- Microsoft / .NET 8.0< 8.0.26 (from 8.0)
- Microsoft / .NET 8.0< 8.0.26 (from 8.0.0)
- Microsoft / .NET 9.0< 9.0.15 (from 9.0.0)
- Microsoft / Microsoft .NET Framework 3.5< 2.0.50727.8982 & 3.0.30729.8976 (from 3.5.0)
- Microsoft / Microsoft .NET Framework 3.5 AND 4.7.2< 2.0.50727.9068 & 3.0.30729.9065 & 4.7.4141.0 (from 4.7.0)
- Microsoft / Microsoft .NET Framework 3.5 AND 4.8< 2.0.50727.9068 & 3.0.30729.9065 & 4.8.4801.0 (from 4.8.0)
- Microsoft / Microsoft .NET Framework 3.5 AND 4.8.1< 2.0.50727.9181 & 3.0.30729.9165 & 4.8.9332.0 (from 4.8.1)
- Microsoft / Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2< 4.8.4801.0 (from 4.7.0)
- Microsoft / Microsoft .NET Framework 4.8< 4.8.4801.0 (from 4.8.0)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C