Denial of Service Vulnerability in .NET Framework and Visual Studio
CVE-2026-33116

7.5HIGH

Key Information:

Vendor: Microsoft
Status: .net 10.0; .net 8.0; .net 9.0; Microsoft .net Framework 3.5
Vendor: CVE Published:; 14 April 2026

What is CVE-2026-33116?

A vulnerability exists in .NET Framework and Visual Studio that allows unauthorized attackers to cause a denial of service through an infinite loop condition. This can lead to network disruption, potentially impacting availability for users. Applying the latest security updates is essential to protect against this vulnerability.

Affected Version(s)

.NET 10.0 10.0.0 < 10.0.6

.NET 8.0 8.0 < 8.0.26

.NET 8.0 8.0.0 < 8.0.26

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2026
Vulnerability Reserved
Mar 17, 2026

CVE-2026-33116 Data

JSON

Microsoft

What is CVE-2026-33116?

Affected Version(s)

References

CVSS V3.1

Timeline