CVE-2026-26127KEVEXPLOITEDPATCHED

microsoft · .net

.NET Denial of Service Vulnerability

Description

Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.

Affected Products

Vendor	Product	Versions
microsoft	.net	10.0.0, 9.0.0, 10.0.0, 9.0.0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
canonical	ubuntu linux	cert_advisory	90%
microsoft	asp.net	cert_advisory	90%
microsoft	.net	cert_advisory	90%
oracle	oracle linux	cert_advisory	90%
red hat	red hat enterprise linux	cert_advisory	90%

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26127(vendor-advisory, patch)

Related News (1 articles)

Tier B

BSI Advisories5h ago

[UPDATE] [mittel] Microsoft ASP.NET und .NET: Mehrere Schwachstellen

→ No new info (linked only)

CVSS 3.17.5 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

CISA KEV✅ Yes

Actively exploited✅ Yes

Patch available

10.0.49.0.14

CWECWE-125

PublishedMar 10, 2026

Last enriched21d ago

Trending Score104🔥

Source articles1

Independent1

Info Completeness5/14

Missing: vendor, product, versions, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-33825EXPKEV

Microsoft Defender Elevation of Privilege Vulnerability

Trending: 155

MEDIUMCVE-2026-32201EXPKEV

Microsoft SharePoint Server Spoofing Vulnerability

Trending: 133

CRITICALCVE-2026-40372EXP

ASP.NET Core Elevation of Privilege Vulnerability

Trending: 94

HIGHCVE-2026-32190

Microsoft Office Remote Code Execution Vulnerability

Trending: 55

HIGHCVE-2026-26130

ASP.NET Core Denial of Service Vulnerability

Trending: 38

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Mar 10, 2026

Added to CISA KEV

Mar 10, 2026

Discovered by ZDM

Apr 1, 2026

Actively Exploited

Apr 14, 2026

Patch Available

Apr 14, 2026