Uncontrolled Resource Consumption Vulnerability in .NET Framework by Microsoft
CVE-2026-26171

7.5HIGH

Key Information:

Vendor: Microsoft
Status: .net 10.0; .net 8.0; .net 9.0
Vendor: CVE Published:; 14 April 2026

What is CVE-2026-26171?

A vulnerability in the .NET Framework permits an unauthorized attacker to exploit uncontrolled resource consumption, potentially leading to a denial-of-service condition. This flaw enables adversaries to consume vast amounts of server resources, thereby disrupting service availability for legitimate users. Systems running affected versions of .NET may be at risk without appropriate security measures.

Affected Version(s)

.NET 10.0 10.0.0 < 10.0.6

.NET 8.0 8.0.0 < 8.0.26

.NET 9.0 9.0.0 < 9.0.15

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2026
Vulnerability Reserved
Feb 11, 2026

CVE-2026-26171 Data

JSON