Vulnerability-Lookup

CVE-2026-33116 (GCVE-0-2026-33116)

Vulnerability from cvelistv5 – Published: 2026-04-14 16:57 – Updated: 2026-04-15 21:54

Title

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

Summary

Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

CWE

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-400 - Uncontrolled Resource Consumption
CWE-20 - Improper Input Validation

Assigner

microsoft

References

URL

FKIE_CVE-2026-33116

Vulnerability from fkie_nvd - Published: 2026-04-14 18:17 - Updated: 2026-04-14 18:17

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.

References

	URL	Tags
	secure@microsoft.com	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33116

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Loop with unreachable exit condition (\u0027infinite loop\u0027) in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network."
    }
  ],
  "id": "CVE-2026-33116",
  "lastModified": "2026-04-14T18:17:33.903",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "secure@microsoft.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2026-04-14T18:17:33.903",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33116"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Received",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        },
        {
          "lang": "en",
          "value": "CWE-400"
        },
        {
          "lang": "en",
          "value": "CWE-835"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Primary"
    }
  ]
}

MSRC_CVE-2026-33116

Vulnerability from csaf_microsoft - Published: 2026-04-14 07:00 - Updated: 2026-04-14 07:00

Summary

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

Severity

Important

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Customer Action: Required. The vulnerability documented by this CVE requires customer action to resolve.

CVE-2026-33116

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Vendor Fix 10.0.6:Security Update:https://support.microsoft.com/help/5086095 https://support.microsoft.com/help/5086095

Vendor Fix 8.0.26:Security Update:https://support.microsoft.com/help/5086096 https://support.microsoft.com/help/5086096

Vendor Fix 9.0.15:Security Update:https://support.microsoft.com/help/5086097 https://support.microsoft.com/help/5086097

Vendor Fix 4.8.4801.0:Security Update:https://support.microsoft.com/help/5082411 https://support.microsoft.com/help/5082411

Vendor Fix 4.8.4801.0:Security Update:https://support.microsoft.com/help/5082403 https://support.microsoft.com/help/5082403

Vendor Fix 2.0.50727.9068 & 3.0.30729.9065 & 4.8.4801.0:Security Update:https://support.microsoft.com/help/5082414 https://support.microsoft.com/help/5082414

Vendor Fix 2.0.50727.9181 & 3.0.30729.9165 & 4.8.4801.0:Security Update:https://support.microsoft.com/help/5082427 https://support.microsoft.com/help/5082427

Vendor Fix 2.0.50727.9181 & 3.0.30729.9165 & 4.8.4801.0:Security Update:https://support.microsoft.com/help/5082426 https://support.microsoft.com/help/5082426

Vendor Fix 2.0.50727.9068 & 3.0.30729.9065 & 4.7.4141.0:Security Update:https://support.microsoft.com/help/5082413 https://support.microsoft.com/help/5082413

Vendor Fix 4.8.4801.0:Security Update:https://support.microsoft.com/help/5082400 https://support.microsoft.com/help/5082400

Vendor Fix 4.7.4141.0:Security Update:https://support.microsoft.com/help/5082402 https://support.microsoft.com/help/5082402

Vendor Fix 2.0.50727.9181 & 3.0.30729.9165 & 4.8.9332.0:Security Update:https://support.microsoft.com/help/5082425 https://support.microsoft.com/help/5082425

Vendor Fix 2.0.50727.9181 & 3.0.30729.9165 & 4.8.9332.0:Security Update:https://support.microsoft.com/help/5082419 https://support.microsoft.com/help/5082419

Vendor Fix 2.0.50727.9181 & 3.0.30729.9165 & 4.8.9332.0:Security Update:https://support.microsoft.com/help/5082424 https://support.microsoft.com/help/5082424

Vendor Fix 2.0.50727.9181 & 3.0.30729.9165 & 4.8.9332.0:Security Update:https://support.microsoft.com/help/5082417 https://support.microsoft.com/help/5082417

Vendor Fix 2.0.50727.9181 & 3.0.30729.9165 & 4.8.9332.0:Security Update:https://support.microsoft.com/help/5082418 https://support.microsoft.com/help/5082418

Vendor Fix 2.0.50727.9181 & 3.0.30729.9165 & 4.8.9332.0:Security Update:https://support.microsoft.com/help/5082420 https://support.microsoft.com/help/5082420

Vendor Fix 2.0.50727.8982 & 3.0.30729.8976:Security Update:https://support.microsoft.com/help/5082398 https://support.microsoft.com/help/5082398

Vendor Fix 2.0.50727.9181 & 3.0.30729.9165 & 4.8.9332.0:Security Update:https://support.microsoft.com/help/5082421 https://support.microsoft.com/help/5082421

References

URL

Category

	https://msrc.microsoft.com/update-guide/vulnerabi…	self
	https://msrc.microsoft.com/csaf/advisories/2026/m…	self
	https://www.microsoft.com/en-us/msrc/exploitabili…	external
	https://support.microsoft.com/lifecycle	external
	https://www.first.org/cvss	external
	https://msrc.microsoft.com/update-guide/vulnerabi…	self
	https://msrc.microsoft.com/csaf/advisories/2026/m…	self

Acknowledgments

Ludvig Pedersen

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Ludvig Pedersen"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      },
      {
        "category": "general",
        "text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
        "title": "Customer Action"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2026-33116 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability - HTML",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33116"
      },
      {
        "category": "self",
        "summary": "CVE-2026-33116 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability - CSAF",
        "url": "https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-33116.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Exploitability Index",
        "url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability",
    "tracking": {
      "current_release_date": "2026-04-14T07:00:00.000Z",
      "generator": {
        "date": "2026-04-14T16:56:51.853Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2026-33116",
      "initial_release_date": "2026-04-14T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-04-14T07:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.6",
            "product": {
              "name": ".NET 10.0 installed on Mac OS \u003c10.0.6",
              "product_id": "2"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.6",
            "product": {
              "name": ".NET 10.0 installed on Mac OS 10.0.6",
              "product_id": "20838"
            }
          }
        ],
        "category": "product_name",
        "name": ".NET 10.0 installed on Mac OS"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.6",
            "product": {
              "name": ".NET 10.0 installed on Linux \u003c10.0.6",
              "product_id": "1"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.6",
            "product": {
              "name": ".NET 10.0 installed on Linux 10.0.6",
              "product_id": "20839"
            }
          }
        ],
        "category": "product_name",
        "name": ".NET 10.0 installed on Linux"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c8.0.26",
            "product": {
              "name": ".NET 8.0 \u003c8.0.26",
              "product_id": "9"
            }
          },
          {
            "category": "product_version",
            "name": "8.0.26",
            "product": {
              "name": ".NET 8.0 8.0.26",
              "product_id": "12260"
            }
          }
        ],
        "category": "product_name",
        "name": ".NET 8.0"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c8.0.26",
            "product": {
              "name": ".NET 8.0 installed on Windows \u003c8.0.26",
              "product_id": "8"
            }
          },
          {
            "category": "product_version",
            "name": "8.0.26",
            "product": {
              "name": ".NET 8.0 installed on Windows 8.0.26",
              "product_id": "12414"
            }
          }
        ],
        "category": "product_name",
        "name": ".NET 8.0 installed on Windows"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c8.0.26",
            "product": {
              "name": ".NET 8.0 installed on Linux \u003c8.0.26",
              "product_id": "7"
            }
          },
          {
            "category": "product_version",
            "name": "8.0.26",
            "product": {
              "name": ".NET 8.0 installed on Linux 8.0.26",
              "product_id": "12415"
            }
          }
        ],
        "category": "product_name",
        "name": ".NET 8.0 installed on Linux"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c9.0.15",
            "product": {
              "name": ".NET 9.0 installed on Linux \u003c9.0.15",
              "product_id": "5"
            }
          },
          {
            "category": "product_version",
            "name": "9.0.15",
            "product": {
              "name": ".NET 9.0 installed on Linux 9.0.15",
              "product_id": "12432"
            }
          }
        ],
        "category": "product_name",
        "name": ".NET 9.0 installed on Linux"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c8.0.26",
            "product": {
              "name": ".NET 8.0 installed on Mac OS \u003c8.0.26",
              "product_id": "6"
            }
          },
          {
            "category": "product_version",
            "name": "8.0.26",
            "product": {
              "name": ".NET 8.0 installed on Mac OS 8.0.26",
              "product_id": "12416"
            }
          }
        ],
        "category": "product_name",
        "name": ".NET 8.0 installed on Mac OS"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c9.0.15",
            "product": {
              "name": ".NET 9.0 installed on Windows \u003c9.0.15",
              "product_id": "3"
            }
          },
          {
            "category": "product_version",
            "name": "9.0.15",
            "product": {
              "name": ".NET 9.0 installed on Windows 9.0.15",
              "product_id": "12434"
            }
          }
        ],
        "category": "product_name",
        "name": ".NET 9.0 installed on Windows"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c9.0.15",
            "product": {
              "name": ".NET 9.0 installed on Mac OS \u003c9.0.15",
              "product_id": "4"
            }
          },
          {
            "category": "product_version",
            "name": "9.0.15",
            "product": {
              "name": ".NET 9.0 installed on Mac OS 9.0.15",
              "product_id": "12433"
            }
          }
        ],
        "category": "product_name",
        "name": ".NET 9.0 installed on Mac OS"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 4.8 \u003c4.8.4801.0",
              "product_id": "49"
            }
          },
          {
            "category": "product_version",
            "name": "4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 4.8 4.8.4801.0",
              "product_id": "11650-10852"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 4.8"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 4.8 \u003c4.8.4801.0",
              "product_id": "50"
            }
          },
          {
            "category": "product_version",
            "name": "4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 4.8 4.8.4801.0",
              "product_id": "11650-10853"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 4.8"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 4.8 \u003c4.8.4801.0",
              "product_id": "51"
            }
          },
          {
            "category": "product_version",
            "name": "4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 4.8 4.8.4801.0",
              "product_id": "11650-10378"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 4.8"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 4.8 \u003c4.8.4801.0",
              "product_id": "52"
            }
          },
          {
            "category": "product_version",
            "name": "4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 4.8 4.8.4801.0",
              "product_id": "11650-10379"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 4.8"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 4.8 \u003c4.8.4801.0",
              "product_id": "53"
            }
          },
          {
            "category": "product_version",
            "name": "4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 4.8 4.8.4801.0",
              "product_id": "11650-10483"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 4.8"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 4.8 \u003c4.8.4801.0",
              "product_id": "54"
            }
          },
          {
            "category": "product_version",
            "name": "4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 4.8 4.8.4801.0",
              "product_id": "11650-10543"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 4.8"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8 \u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
              "product_id": "38"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8 2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
              "product_id": "11676-11568"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5 AND 4.8"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8 \u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
              "product_id": "39"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8 2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
              "product_id": "11676-11569"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5 AND 4.8"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8 \u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
              "product_id": "40"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8 2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
              "product_id": "11676-11570"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5 AND 4.8"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8 \u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
              "product_id": "41"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8 2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
              "product_id": "11676-11923"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5 AND 4.8"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8 \u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
              "product_id": "42"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8 2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
              "product_id": "11676-11924"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5 AND 4.8"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8 \u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
              "product_id": "43"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8 2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
              "product_id": "11676-11929"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5 AND 4.8"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8 \u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
              "product_id": "44"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8 2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
              "product_id": "11676-11930"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5 AND 4.8"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8 \u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
              "product_id": "45"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8 2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
              "product_id": "11676-11931"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5 AND 4.8"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8 \u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
              "product_id": "46"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8 2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
              "product_id": "11676-12097"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5 AND 4.8"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8 \u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
              "product_id": "47"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8 2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
              "product_id": "11676-12098"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5 AND 4.8"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8 \u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
              "product_id": "48"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8 2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0",
              "product_id": "11676-12099"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5 AND 4.8"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.9068 \u0026 3.0.30729.9065 \u0026 4.7.4141.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.7.2 \u003c2.0.50727.9068 \u0026 3.0.30729.9065 \u0026 4.7.4141.0",
              "product_id": "35"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.9068 \u0026 3.0.30729.9065 \u0026 4.7.4141.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.7.2 2.0.50727.9068 \u0026 3.0.30729.9065 \u0026 4.7.4141.0",
              "product_id": "11677-11568"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5 AND 4.7.2"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.9068 \u0026 3.0.30729.9065 \u0026 4.7.4141.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.7.2 \u003c2.0.50727.9068 \u0026 3.0.30729.9065 \u0026 4.7.4141.0",
              "product_id": "36"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.9068 \u0026 3.0.30729.9065 \u0026 4.7.4141.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.7.2 2.0.50727.9068 \u0026 3.0.30729.9065 \u0026 4.7.4141.0",
              "product_id": "11677-11569"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5 AND 4.7.2"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.9068 \u0026 3.0.30729.9065 \u0026 4.7.4141.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.7.2 \u003c2.0.50727.9068 \u0026 3.0.30729.9065 \u0026 4.7.4141.0",
              "product_id": "37"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.9068 \u0026 3.0.30729.9065 \u0026 4.7.4141.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.7.2 2.0.50727.9068 \u0026 3.0.30729.9065 \u0026 4.7.4141.0",
              "product_id": "11677-11570"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5 AND 4.7.2"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 \u003c4.8.4801.0",
              "product_id": "31"
            }
          },
          {
            "category": "product_version",
            "name": "4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 4.8.4801.0",
              "product_id": "11863-10378"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 \u003c4.8.4801.0",
              "product_id": "32"
            }
          },
          {
            "category": "product_version",
            "name": "4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 4.8.4801.0",
              "product_id": "11863-10379"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 \u003c4.8.4801.0",
              "product_id": "33"
            }
          },
          {
            "category": "product_version",
            "name": "4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 4.8.4801.0",
              "product_id": "11863-10483"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 \u003c4.8.4801.0",
              "product_id": "34"
            }
          },
          {
            "category": "product_version",
            "name": "4.8.4801.0",
            "product": {
              "name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 4.8.4801.0",
              "product_id": "11863-10543"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "10"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "12079-11923"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5 AND 4.8.1"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "11"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "12079-11924"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5 AND 4.8.1"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "12"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "12079-11929"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5 AND 4.8.1"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "13"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "12079-11930"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5 AND 4.8.1"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "14"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "12079-11931"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5 AND 4.8.1"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "15"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "12079-12085"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5 AND 4.8.1"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "16"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "12079-12086"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5 AND 4.8.1"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "17"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "12079-12097"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5 AND 4.8.1"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "18"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "12079-12098"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5 AND 4.8.1"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "19"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "12079-12099"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5 AND 4.8.1"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "20"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "12079-20437"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5 AND 4.8.1"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "21"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "12079-20438"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5 AND 4.8.1"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "22"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "12079-12242"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5 AND 4.8.1"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "23"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "12079-12243"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5 AND 4.8.1"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "24"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "12079-12244"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5 AND 4.8.1"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "25"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "12079-12389"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5 AND 4.8.1"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "26"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "12079-12390"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5 AND 4.8.1"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.8982 \u0026 3.0.30729.8976",
            "product": {
              "name": "Microsoft .NET Framework 3.5 \u003c2.0.50727.8982 \u0026 3.0.30729.8976",
              "product_id": "55"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.8982 \u0026 3.0.30729.8976",
            "product": {
              "name": "Microsoft .NET Framework 3.5 2.0.50727.8982 \u0026 3.0.30729.8976",
              "product_id": "2472-10378"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.8982 \u0026 3.0.30729.8976",
            "product": {
              "name": "Microsoft .NET Framework 3.5 \u003c2.0.50727.8982 \u0026 3.0.30729.8976",
              "product_id": "56"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.8982 \u0026 3.0.30729.8976",
            "product": {
              "name": "Microsoft .NET Framework 3.5 2.0.50727.8982 \u0026 3.0.30729.8976",
              "product_id": "2472-10379"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.8982 \u0026 3.0.30729.8976",
            "product": {
              "name": "Microsoft .NET Framework 3.5 \u003c2.0.50727.8982 \u0026 3.0.30729.8976",
              "product_id": "57"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.8982 \u0026 3.0.30729.8976",
            "product": {
              "name": "Microsoft .NET Framework 3.5 2.0.50727.8982 \u0026 3.0.30729.8976",
              "product_id": "2472-10483"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.8982 \u0026 3.0.30729.8976",
            "product": {
              "name": "Microsoft .NET Framework 3.5 \u003c2.0.50727.8982 \u0026 3.0.30729.8976",
              "product_id": "58"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.8982 \u0026 3.0.30729.8976",
            "product": {
              "name": "Microsoft .NET Framework 3.5 2.0.50727.8982 \u0026 3.0.30729.8976",
              "product_id": "2472-10543"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "27"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "12079-12436"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5 AND 4.8.1"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "28"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "12079-20854"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5 AND 4.8.1"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "29"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "12079-12437"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5 AND 4.8.1"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 \u003c2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "30"
            }
          },
          {
            "category": "product_version",
            "name": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
            "product": {
              "name": "Microsoft .NET Framework 3.5 AND 4.8.1 2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0",
              "product_id": "12079-21196"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft .NET Framework 3.5 AND 4.8.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-33116",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "notes": [
        {
          "category": "general",
          "text": "Microsoft",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "11650-10378",
          "11650-10379",
          "11650-10483",
          "11650-10543",
          "11650-10852",
          "11650-10853",
          "11676-11568",
          "11676-11569",
          "11676-11570",
          "11676-11923",
          "11676-11924",
          "11676-11929",
          "11676-11930",
          "11676-11931",
          "11676-12097",
          "11676-12098",
          "11676-12099",
          "11677-11568",
          "11677-11569",
          "11677-11570",
          "11863-10378",
          "11863-10379",
          "11863-10483",
          "11863-10543",
          "12079-11923",
          "12079-11924",
          "12079-11929",
          "12079-11930",
          "12079-11931",
          "12079-12085",
          "12079-12086",
          "12079-12097",
          "12079-12098",
          "12079-12099",
          "12079-12242",
          "12079-12243",
          "12079-12244",
          "12079-12389",
          "12079-12390",
          "12079-12436",
          "12079-12437",
          "12079-20437",
          "12079-20438",
          "12079-20854",
          "12079-21196",
          "12260",
          "12414",
          "12415",
          "12416",
          "12432",
          "12433",
          "12434",
          "20838",
          "20839",
          "2472-10378",
          "2472-10379",
          "2472-10483",
          "2472-10543"
        ],
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8",
          "9",
          "10",
          "11",
          "12",
          "13",
          "14",
          "15",
          "16",
          "17",
          "18",
          "19",
          "20",
          "21",
          "22",
          "23",
          "24",
          "25",
          "26",
          "27",
          "28",
          "29",
          "30",
          "31",
          "32",
          "33",
          "34",
          "35",
          "36",
          "37",
          "38",
          "39",
          "40",
          "41",
          "42",
          "43",
          "44",
          "45",
          "46",
          "47",
          "48",
          "49",
          "50",
          "51",
          "52",
          "53",
          "54",
          "55",
          "56",
          "57",
          "58"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-33116 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability - HTML",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33116"
        },
        {
          "category": "self",
          "summary": "CVE-2026-33116 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability - CSAF",
          "url": "https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-33116.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-14T07:00:00.000Z",
          "details": "10.0.6:Security Update:https://support.microsoft.com/help/5086095",
          "product_ids": [
            "2",
            "1"
          ],
          "url": "https://support.microsoft.com/help/5086095"
        },
        {
          "category": "vendor_fix",
          "date": "2026-04-14T07:00:00.000Z",
          "details": "8.0.26:Security Update:https://support.microsoft.com/help/5086096",
          "product_ids": [
            "9",
            "8",
            "7",
            "6"
          ],
          "url": "https://support.microsoft.com/help/5086096"
        },
        {
          "category": "vendor_fix",
          "date": "2026-04-14T07:00:00.000Z",
          "details": "9.0.15:Security Update:https://support.microsoft.com/help/5086097",
          "product_ids": [
            "5",
            "3",
            "4"
          ],
          "url": "https://support.microsoft.com/help/5086097"
        },
        {
          "category": "vendor_fix",
          "date": "2026-04-14T07:00:00.000Z",
          "details": "4.8.4801.0:Security Update:https://support.microsoft.com/help/5082411",
          "product_ids": [
            "49",
            "50"
          ],
          "url": "https://support.microsoft.com/help/5082411"
        },
        {
          "category": "vendor_fix",
          "date": "2026-04-14T07:00:00.000Z",
          "details": "4.8.4801.0:Security Update:https://support.microsoft.com/help/5082403",
          "product_ids": [
            "51",
            "52",
            "53",
            "54"
          ],
          "url": "https://support.microsoft.com/help/5082403"
        },
        {
          "category": "vendor_fix",
          "date": "2026-04-14T07:00:00.000Z",
          "details": "2.0.50727.9068 \u0026 3.0.30729.9065 \u0026 4.8.4801.0:Security Update:https://support.microsoft.com/help/5082414",
          "product_ids": [
            "38",
            "39",
            "40"
          ],
          "url": "https://support.microsoft.com/help/5082414"
        },
        {
          "category": "vendor_fix",
          "date": "2026-04-14T07:00:00.000Z",
          "details": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0:Security Update:https://support.microsoft.com/help/5082427",
          "product_ids": [
            "41",
            "42"
          ],
          "url": "https://support.microsoft.com/help/5082427"
        },
        {
          "category": "vendor_fix",
          "date": "2026-04-14T07:00:00.000Z",
          "details": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.4801.0:Security Update:https://support.microsoft.com/help/5082426",
          "product_ids": [
            "43",
            "44",
            "45",
            "46",
            "47",
            "48"
          ],
          "url": "https://support.microsoft.com/help/5082426"
        },
        {
          "category": "vendor_fix",
          "date": "2026-04-14T07:00:00.000Z",
          "details": "2.0.50727.9068 \u0026 3.0.30729.9065 \u0026 4.7.4141.0:Security Update:https://support.microsoft.com/help/5082413",
          "product_ids": [
            "35",
            "36",
            "37"
          ],
          "url": "https://support.microsoft.com/help/5082413"
        },
        {
          "category": "vendor_fix",
          "date": "2026-04-14T07:00:00.000Z",
          "details": "4.8.4801.0:Security Update:https://support.microsoft.com/help/5082400",
          "product_ids": [
            "31",
            "32"
          ],
          "url": "https://support.microsoft.com/help/5082400"
        },
        {
          "category": "vendor_fix",
          "date": "2026-04-14T07:00:00.000Z",
          "details": "4.7.4141.0:Security Update:https://support.microsoft.com/help/5082402",
          "product_ids": [
            "33",
            "34"
          ],
          "url": "https://support.microsoft.com/help/5082402"
        },
        {
          "category": "vendor_fix",
          "date": "2026-04-14T07:00:00.000Z",
          "details": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0:Security Update:https://support.microsoft.com/help/5082425",
          "product_ids": [
            "10",
            "11"
          ],
          "url": "https://support.microsoft.com/help/5082425"
        },
        {
          "category": "vendor_fix",
          "date": "2026-04-14T07:00:00.000Z",
          "details": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0:Security Update:https://support.microsoft.com/help/5082419",
          "product_ids": [
            "12",
            "13",
            "14",
            "17",
            "18",
            "19"
          ],
          "url": "https://support.microsoft.com/help/5082419"
        },
        {
          "category": "vendor_fix",
          "date": "2026-04-14T07:00:00.000Z",
          "details": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0:Security Update:https://support.microsoft.com/help/5082424",
          "product_ids": [
            "15",
            "16",
            "22",
            "23"
          ],
          "url": "https://support.microsoft.com/help/5082424"
        },
        {
          "category": "vendor_fix",
          "date": "2026-04-14T07:00:00.000Z",
          "details": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0:Security Update:https://support.microsoft.com/help/5082417",
          "product_ids": [
            "20",
            "21",
            "27",
            "29"
          ],
          "url": "https://support.microsoft.com/help/5082417"
        },
        {
          "category": "vendor_fix",
          "date": "2026-04-14T07:00:00.000Z",
          "details": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0:Security Update:https://support.microsoft.com/help/5082418",
          "product_ids": [
            "24"
          ],
          "url": "https://support.microsoft.com/help/5082418"
        },
        {
          "category": "vendor_fix",
          "date": "2026-04-14T07:00:00.000Z",
          "details": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0:Security Update:https://support.microsoft.com/help/5082420",
          "product_ids": [
            "25",
            "26"
          ],
          "url": "https://support.microsoft.com/help/5082420"
        },
        {
          "category": "vendor_fix",
          "date": "2026-04-14T07:00:00.000Z",
          "details": "2.0.50727.8982 \u0026 3.0.30729.8976:Security Update:https://support.microsoft.com/help/5082398",
          "product_ids": [
            "55",
            "56",
            "57",
            "58"
          ],
          "url": "https://support.microsoft.com/help/5082398"
        },
        {
          "category": "vendor_fix",
          "date": "2026-04-14T07:00:00.000Z",
          "details": "2.0.50727.9181 \u0026 3.0.30729.9165 \u0026 4.8.9332.0:Security Update:https://support.microsoft.com/help/5082421",
          "product_ids": [
            "28",
            "30"
          ],
          "url": "https://support.microsoft.com/help/5082421"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalsScore": 0.0,
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 6.5,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23",
            "24",
            "25",
            "26",
            "27",
            "28",
            "29",
            "30",
            "31",
            "32",
            "33",
            "34",
            "35",
            "36",
            "37",
            "38",
            "39",
            "40",
            "41",
            "42",
            "43",
            "44",
            "45",
            "46",
            "47",
            "48",
            "49",
            "50",
            "51",
            "52",
            "53",
            "54",
            "55",
            "56",
            "57",
            "58"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Denial of Service"
        },
        {
          "category": "exploit_status",
          "details": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely"
        }
      ],
      "title": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability"
    }
  ]
}

GHSA-37GX-XXP4-5RGX

Vulnerability from github – Published: 2026-04-14 23:30 – Updated: 2026-04-15 16:44

Summary

Microsoft Security Advisory CVE-2026-33116 – .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

Details

Executive Summary:

Microsoft is releasing this security advisory to provide information about a vulnerability in System.Security.Cryptography.Xml. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A vulnerability exists in EncryptedXml class where an attacker can cause an infinite loop and perform a Denial of Service attack.

Announcement

Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/12345

CVSS Details

Version: 3.1
Severity: High
Score: 7.5
Vector: 7.5 CVSS: 3.1AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Weakness: CWE-835 CWE-400 CWE-20: Loop with Unreachable Exit Condition ('Infinite Loop') Uncontrolled Resource Consumption Improper Input Validation

Affected Platforms

Platforms: All
Architectures: All

Affected Packages

The vulnerability affects any Microsoft .NET project if it uses any of affected packages versions listed below

.NET 10

Package name	Affected version	Patched version
System.Security.Cryptography.Xml	>=10.0.0, <=10.0.5	10.0.6

.NET 9

Package name	Affected version	Patched version
System.Security.Cryptography.Xml	>=9.0.0, <=9.0.14	9.0.15

.NET 8

Package name	Affected version	Patched version
System.Security.Cryptography.Xml	>=8.0.0, <=8.0.2	8.0.3

Advisory FAQ

How do I know if I am affected?

If using a package listed in affected packages, you're exposed to the vulnerability.

How do I fix the issue?

To update the Using the System.Security.Cryptography.xml NuGet package, use one of the following methods:

NuGet Package Manager UI in Visual Studio: - Open your project in Visual Studio. - Right-click on your project in Solution Explorer and select "Manage NuGet Packages..." or navigate to "Project > Manage NuGet Packages". - In the NuGet Package Manager window, select the "Updates" tab. This tab lists packages with available updates from your configured package sources. - Select the package(s) you wish to update. You can choose a specific version from the dropdown or update to the latest available version. - Click the "Update" button.

Using the NuGet Package Manager Console in Visual Studio: - Open your project in Visual Studio. - Navigate to "Tools > NuGet Package Manager > Package Manager Console". - To update a specific package to its latest version, use the following Update-Package command:

Update-Package -Id System.Security.Cryptography.xml

Using the .NET CLI (Command Line Interface): - Open a terminal or command prompt in your project's directory. - To update a specific package to its latest version, use the following add package command:

dotnet add package System.Security.Cryptography.xml

Once you have updated the nuget package reference you must recompile and deploy your application. Additionally we recommend you update your runtime and/or SDKs, but it is not necessary to patch the vulnerability.

Other Information

Reporting Security Issues

If you have found a potential security issue in a supported version of .NET, please report it to the Microsoft Security Response Center (MSRC) via the MSRC Researcher Portal. Further information can be found in the MSRC Report an Issue FAQ.

Security reports made through MSRC may qualify for the Microsoft .NET Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at https://aka.ms/corebounty.

Support

You can ask questions about this issue on GitHub in the .NET GitHub organization. The main repos are located at https://github.com/dotnet/runtime. The Announcements repo (https://github.com/dotnet/Announcements) will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue.

Disclaimer

The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

External Links

CVE-2026-33116

Acknowledgements

Ludvig Pedersen

Revisions

V1.0 (April 14, 2026): Advisory published.

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 10.0.5"
      },
      "package": {
        "ecosystem": "NuGet",
        "name": "System.Security.Cryptography.Xml"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.0.0"
            },
            {
              "fixed": "10.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 9.0.14"
      },
      "package": {
        "ecosystem": "NuGet",
        "name": "System.Security.Cryptography.Xml"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0"
            },
            {
              "fixed": "9.0.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 8.0.2"
      },
      "package": {
        "ecosystem": "NuGet",
        "name": "System.Security.Cryptography.Xml"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0.0"
            },
            {
              "fixed": "8.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-33116"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-400",
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-14T23:30:27Z",
    "nvd_published_at": "2026-04-14T18:17:33Z",
    "severity": "HIGH"
  },
  "details": "## Executive Summary: \n\nMicrosoft is releasing this security advisory to provide information about a vulnerability in System.Security.Cryptography.Xml. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n\nA vulnerability exists in EncryptedXml class where an attacker can cause an infinite loop and perform a Denial of Service attack.\n\n## Announcement\n\nAnnouncement for this issue can be found at https://github.com/dotnet/announcements/issues/12345\n\n## CVSS Details\n\n- **Version:** 3.1\n- **Severity:** High\n- **Score:** 7.5\n- **Vector:** 7.5 CVSS:\u202f3.1AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C\n- **Weakness:** CWE-835 CWE-400 CWE-20: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) Uncontrolled Resource Consumption Improper Input Validation\n\n## Affected Platforms\n\n- **Platforms:** All\n- **Architectures:** All\n\n## \u003ca name=\"affected-packages\"\u003e\u003c/a\u003eAffected Packages\nThe vulnerability affects any Microsoft .NET project if it uses any of affected packages versions listed below\n\n### \u003ca name=\".NET 10\"\u003e\u003c/a\u003e.NET 10\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[System.Security.Cryptography.Xml](https://www.nuget.org/packages/System.Security.Cryptography.Xml)               | \u003e=10.0.0, \u003c=10.0.5 | 10.0.6\n\n### \u003ca name=\".NET 9\"\u003e\u003c/a\u003e.NET 9\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[System.Security.Cryptography.Xml](https://www.nuget.org/packages/System.Security.Cryptography.Xml)               | \u003e=9.0.0, \u003c=9.0.14 | 9.0.15\n\n### \u003ca name=\".NET 8\"\u003e\u003c/a\u003e.NET 8\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[System.Security.Cryptography.Xml](https://www.nuget.org/packages/System.Security.Cryptography.Xml)               | \u003e=8.0.0, \u003c=8.0.2 | 8.0.3\n\n## Advisory FAQ\n\n### \u003ca name=\"how-affected\"\u003e\u003c/a\u003eHow do I know if I am affected?\n\nIf using a package listed in [affected packages](#affected-packages), you\u0027re exposed to the vulnerability.\n\n### \u003ca name=\"how-fix\"\u003e\u003c/a\u003eHow do I fix the issue?\n\nTo update the Using the System.Security.Cryptography.xml NuGet package, use one of the following methods:\n\nNuGet Package Manager UI in Visual Studio:\n- Open your project in Visual Studio.\n- Right-click on your project in Solution Explorer and select \"Manage NuGet Packages...\" or navigate to \"Project \u003e Manage NuGet Packages\".\n- In the NuGet Package Manager window, select the \"Updates\" tab. This tab lists packages with available updates from your configured package sources.\n- Select the package(s) you wish to update. You can choose a specific version from the dropdown or update to the latest available version.\n- Click the \"Update\" button.\n\nUsing the NuGet Package Manager Console in Visual Studio:\n- Open your project in Visual Studio.\n- Navigate to \"Tools \u003e NuGet Package Manager \u003e Package Manager Console\".\n- To update a specific package to its latest version, use the following Update-Package command:\n\n```Update-Package -Id System.Security.Cryptography.xml```\n\nUsing the .NET CLI (Command Line Interface):\n- Open a terminal or command prompt in your project\u0027s directory.\n- To update a specific package to its latest version, use the following add package command:\n\n```dotnet add package System.Security.Cryptography.xml```\n\nOnce you have updated the nuget package reference you must recompile and deploy your application. Additionally we recommend you update your runtime and/or SDKs, but it is not necessary to patch the vulnerability.\n\n## Other Information\n\n### Reporting Security Issues\n\nIf you have found a potential security issue in a supported version of .NET, please report it to the Microsoft Security Response Center (MSRC) via the [MSRC Researcher Portal](https://msrc.microsoft.com/report/vulnerability/new). Further information can be found in the MSRC [Report an Issue FAQ](https://www.microsoft.com/msrc/faqs-report-an-issue).\n\nSecurity reports made through MSRC may qualify for the Microsoft .NET Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at https://aka.ms/corebounty.\n\n### Support\n\nYou can ask questions about this issue on GitHub in the .NET GitHub organization. The main repos are located at https://github.com/dotnet/runtime. The Announcements repo (https://github.com/dotnet/Announcements) will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue.\n\n### Disclaimer\n\nThe information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\n\n### External Links\n\n[CVE-2026-33116]( https://www.cve.org/CVERecord?id=CVE-2026-33116)\n\n### Acknowledgements\n\nLudvig Pedersen\n\n### Revisions\n\nV1.0 (April 14, 2026): Advisory published.",
  "id": "GHSA-37gx-xxp4-5rgx",
  "modified": "2026-04-15T16:44:52Z",
  "published": "2026-04-14T23:30:27Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/dotnet/runtime/security/advisories/GHSA-37gx-xxp4-5rgx"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33116"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dotnet/announcements/issues/12345"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/dotnet/runtime"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33116"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Microsoft Security Advisory CVE-2026-33116 \u2013 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability "
}

NCSC-2026-0114

Vulnerability from csaf_ncscnl - Published: 2026-04-14 19:18 - Updated: 2026-04-14 19:18

Summary

Kwetsbaarheden verholpen in Microsoft Developer tools

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten: Microsoft heeft kwetsbaarheden verholpen in .NET, .NET Framework, Visual Studio en PowerShell.

Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade: - Denial-of-Service (DoS) - Toegang tot gevoelige gegevens - Omzeilen van een beveiligingsmaatregel - Spoofing ``` .NET, .NET Framework, Visual Studio: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-33116 | 7,50 | Denial-of-Service | |----------------|------|-------------------------------------| Microsoft PowerShell: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-26143 | 7,80 | Omzeilen van beveiligingsmaatregel | |----------------|------|-------------------------------------| GitHub Copilot and Visual Studio Code: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-23653 | 5,70 | Toegang tot gevoelige gegevens | |----------------|------|-------------------------------------| .NET and Visual Studio: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-32203 | 7,50 | Denial-of-Service | |----------------|------|-------------------------------------| .NET Framework: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-32226 | 5,90 | Denial-of-Service | | CVE-2026-23666 | 7,50 | Denial-of-Service | |----------------|------|-------------------------------------| .NET: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-32178 | 7,50 | Voordoen als andere gebruiker | | CVE-2026-26171 | 7,50 | Denial-of-Service | |----------------|------|-------------------------------------| ```

Oplossingen: Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op: https://portal.msrc.microsoft.com/en-us/security-guidance

Kans: medium

Schade: high

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-755: Improper Handling of Exceptional Conditions

CWE-400: Uncontrolled Resource Consumption

CWE-611: Improper Restriction of XML External Entity Reference

CWE-138: Improper Neutralization of Special Elements

CWE-121: Stack-based Buffer Overflow

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-20: Improper Input Validation

CVE-2026-23653

Improper neutralization of special elements in commands ('command injection') in GitHub Copilot and Visual Studio Code allows authorized attackers to disclose information over a network.

5.7 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2026-23666

A race condition in the .NET Framework's concurrent execution of shared resources allows unauthorized attackers to cause a denial of service over a network.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CVE-2026-26143

Improper input validation in Microsoft PowerShell enables a local unauthorized attacker to bypass security features, potentially compromising system integrity.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CVE-2026-26171

Uncontrolled resource consumption vulnerabilities in the .NET framework allow unauthorized attackers to cause denial of service conditions over a network by exhausting system resources.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

CWE-611 - Improper Restriction of XML External Entity Reference

CVE-2026-32178

Improper neutralization of special elements in the .NET framework allows unauthorized attackers to conduct network spoofing attacks, compromising network integrity and security.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

CVE-2026-32203

A stack-based buffer overflow vulnerability in .NET and Visual Studio allows an unauthorized attacker to cause a denial of service over a network.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

CWE-121 - Stack-based Buffer Overflow

CVE-2026-32226

A race condition in the .NET Framework's concurrent execution of shared resources allows unauthorized attackers to cause a denial of service over a network.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE-2026-33116

An infinite loop vulnerability in .NET, .NET Framework, and Visual Studio can be exploited by unauthorized attackers to cause a denial of service over a network.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

References

URL

Category

	https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
	https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
	https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
	https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
	https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
	https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
	https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
	https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Microsoft heeft kwetsbaarheden verholpen in .NET, .NET Framework, Visual Studio en PowerShell.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Toegang tot gevoelige gegevens\n- Omzeilen van een beveiligingsmaatregel\n- Spoofing\n\n```\n.NET, .NET Framework, Visual Studio: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-33116 | 7,50 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n\nMicrosoft PowerShell: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-26143 | 7,80 | Omzeilen van beveiligingsmaatregel  | \n|----------------|------|-------------------------------------|\n\nGitHub Copilot and Visual Studio Code: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-23653 | 5,70 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\n.NET and Visual Studio: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-32203 | 7,50 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n\n.NET Framework: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-32226 | 5,90 | Denial-of-Service                   | \n| CVE-2026-23666 | 7,50 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n\n.NET: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-32178 | 7,50 | Voordoen als andere gebruiker       | \n| CVE-2026-26171 | 7,50 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n\n```",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:\n\nhttps://portal.msrc.microsoft.com/en-us/security-guidance",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
        "title": "CWE-77"
      },
      {
        "category": "general",
        "text": "Improper Handling of Exceptional Conditions",
        "title": "CWE-755"
      },
      {
        "category": "general",
        "text": "Uncontrolled Resource Consumption",
        "title": "CWE-400"
      },
      {
        "category": "general",
        "text": "Improper Restriction of XML External Entity Reference",
        "title": "CWE-611"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements",
        "title": "CWE-138"
      },
      {
        "category": "general",
        "text": "Stack-based Buffer Overflow",
        "title": "CWE-121"
      },
      {
        "category": "general",
        "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
        "title": "CWE-362"
      },
      {
        "category": "general",
        "text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
        "title": "CWE-835"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "title": "Kwetsbaarheden verholpen in Microsoft Developer tools",
    "tracking": {
      "current_release_date": "2026-04-14T19:18:58.666745Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2026-0114",
      "initial_release_date": "2026-04-14T19:18:58.666745Z",
      "revision_history": [
        {
          "date": "2026-04-14T19:18:58.666745Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": ".NET 10.0"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": ".NET 10.0 installed on Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": ".NET 10.0 installed on Mac OS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-4"
                }
              }
            ],
            "category": "product_name",
            "name": ".NET 10.0 installed on Windows"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-5"
                }
              }
            ],
            "category": "product_name",
            "name": ".NET 8.0"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-6"
                }
              }
            ],
            "category": "product_name",
            "name": ".NET 8.0 installed on Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-7"
                }
              }
            ],
            "category": "product_name",
            "name": ".NET 8.0 installed on Mac OS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-8"
                }
              }
            ],
            "category": "product_name",
            "name": ".NET 8.0 installed on Windows"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-9"
                }
              }
            ],
            "category": "product_name",
            "name": ".NET 9.0"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-10"
                }
              }
            ],
            "category": "product_name",
            "name": ".NET 9.0 installed on Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-11"
                }
              }
            ],
            "category": "product_name",
            "name": ".NET 9.0 installed on Mac OS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-12"
                }
              }
            ],
            "category": "product_name",
            "name": ".NET 9.0 installed on Windows"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-13"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-14"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.7.2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-15"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-16"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-17"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-18"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-19"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-20"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for ARM64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-21"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-22"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for 32-bit Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-23"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for ARM64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-24"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for x64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-25"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for 32-bit Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-26"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for ARM64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-27"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for x64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-28"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-29"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-30"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 20H2 (Server Core Installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-31"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8.1"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-32"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-33"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-34"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for x64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-35"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for 32-bit Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-36"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-37"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for x64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-38"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-39"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for x64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-40"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for ARM64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-41"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for x64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-42"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 24H2 for ARM64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-43"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 24H2 for x64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-44"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 25H2 for ARM systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-45"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 25H2 for x64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-46"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 26H1 for ARM64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-47"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 26H1 for x64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-48"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 26H1 for x64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-49"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-50"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-51"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022, 23H2 Edition (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-52"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2025"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-53"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2025 (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-54"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 on Windows Server 2012"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-55"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-56"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 on Windows Server 2012 R2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-57"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-58"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-59"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-60"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-61"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-62"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-63"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 4.8"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-64"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-65"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-66"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 4.8 on Windows Server 2012"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-67"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-68"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-69"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-70"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Visual Studio 2022 version 17.12"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-71"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Visual Studio 2022 version 17.14"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-72"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Visual Studio Code CoPilot Chat Extension"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-73"
                }
              }
            ],
            "category": "product_name",
            "name": "PowerShell 7.4"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-74"
                }
              }
            ],
            "category": "product_name",
            "name": "PowerShell 7.5"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-23653",
      "cwe": {
        "id": "CWE-77",
        "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
          "title": "CWE-77"
        },
        {
          "category": "description",
          "text": "Improper neutralization of special elements in commands (\u0027command injection\u0027) in GitHub Copilot and Visual Studio Code allows authorized attackers to disclose information over a network.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-23653 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-23653.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74"
          ]
        }
      ],
      "title": "CVE-2026-23653"
    },
    {
      "cve": "CVE-2026-23666",
      "notes": [
        {
          "category": "description",
          "text": "A race condition in the .NET Framework\u0027s concurrent execution of shared resources allows unauthorized attackers to cause a denial of service over a network.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-23666 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-23666.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74"
          ]
        }
      ],
      "title": "CVE-2026-23666"
    },
    {
      "cve": "CVE-2026-26143",
      "notes": [
        {
          "category": "description",
          "text": "Improper input validation in Microsoft PowerShell enables a local unauthorized attacker to bypass security features, potentially compromising system integrity.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-26143 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26143.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74"
          ]
        }
      ],
      "title": "CVE-2026-26143"
    },
    {
      "cve": "CVE-2026-26171",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of XML External Entity Reference",
          "title": "CWE-611"
        },
        {
          "category": "description",
          "text": "Uncontrolled resource consumption vulnerabilities in the .NET framework allow unauthorized attackers to cause denial of service conditions over a network by exhausting system resources.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-26171 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-26171.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74"
          ]
        }
      ],
      "title": "CVE-2026-26171"
    },
    {
      "cve": "CVE-2026-32178",
      "notes": [
        {
          "category": "description",
          "text": "Improper neutralization of special elements in the .NET framework allows unauthorized attackers to conduct network spoofing attacks, compromising network integrity and security.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-32178 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32178.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74"
          ]
        }
      ],
      "title": "CVE-2026-32178"
    },
    {
      "cve": "CVE-2026-32203",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Stack-based Buffer Overflow",
          "title": "CWE-121"
        },
        {
          "category": "description",
          "text": "A stack-based buffer overflow vulnerability in .NET and Visual Studio allows an unauthorized attacker to cause a denial of service over a network.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-32203 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32203.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74"
          ]
        }
      ],
      "title": "CVE-2026-32203"
    },
    {
      "cve": "CVE-2026-32226",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "description",
          "text": "A race condition in the .NET Framework\u0027s concurrent execution of shared resources allows unauthorized attackers to cause a denial of service over a network.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-32226 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32226.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74"
          ]
        }
      ],
      "title": "CVE-2026-32226"
    },
    {
      "cve": "CVE-2026-33116",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
          "title": "CWE-835"
        },
        {
          "category": "description",
          "text": "An infinite loop vulnerability in .NET, .NET Framework, and Visual Studio can be exploited by unauthorized attackers to cause a denial of service over a network.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36",
          "CSAFPID-37",
          "CSAFPID-38",
          "CSAFPID-39",
          "CSAFPID-40",
          "CSAFPID-41",
          "CSAFPID-42",
          "CSAFPID-43",
          "CSAFPID-44",
          "CSAFPID-45",
          "CSAFPID-46",
          "CSAFPID-47",
          "CSAFPID-48",
          "CSAFPID-49",
          "CSAFPID-50",
          "CSAFPID-51",
          "CSAFPID-52",
          "CSAFPID-53",
          "CSAFPID-54",
          "CSAFPID-55",
          "CSAFPID-56",
          "CSAFPID-57",
          "CSAFPID-58",
          "CSAFPID-59",
          "CSAFPID-60",
          "CSAFPID-61",
          "CSAFPID-62",
          "CSAFPID-63",
          "CSAFPID-64",
          "CSAFPID-65",
          "CSAFPID-66",
          "CSAFPID-67",
          "CSAFPID-68",
          "CSAFPID-69",
          "CSAFPID-70",
          "CSAFPID-71",
          "CSAFPID-72",
          "CSAFPID-73",
          "CSAFPID-74"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-33116 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33116.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36",
            "CSAFPID-37",
            "CSAFPID-38",
            "CSAFPID-39",
            "CSAFPID-40",
            "CSAFPID-41",
            "CSAFPID-42",
            "CSAFPID-43",
            "CSAFPID-44",
            "CSAFPID-45",
            "CSAFPID-46",
            "CSAFPID-47",
            "CSAFPID-48",
            "CSAFPID-49",
            "CSAFPID-50",
            "CSAFPID-51",
            "CSAFPID-52",
            "CSAFPID-53",
            "CSAFPID-54",
            "CSAFPID-55",
            "CSAFPID-56",
            "CSAFPID-57",
            "CSAFPID-58",
            "CSAFPID-59",
            "CSAFPID-60",
            "CSAFPID-61",
            "CSAFPID-62",
            "CSAFPID-63",
            "CSAFPID-64",
            "CSAFPID-65",
            "CSAFPID-66",
            "CSAFPID-67",
            "CSAFPID-68",
            "CSAFPID-69",
            "CSAFPID-70",
            "CSAFPID-71",
            "CSAFPID-72",
            "CSAFPID-73",
            "CSAFPID-74"
          ]
        }
      ],
      "title": "CVE-2026-33116"
    }
  ]
}

CERTFR-2026-AVI-0443

Vulnerability from certfr_avis - Published: 2026-04-15 - Updated: 2026-04-15

De multiples vulnérabilités ont été découvertes dans Microsoft .Net. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	.Net	.NET 8.0 versions antérieures à 8.0.26
Microsoft	.Net	Microsoft .NET Framework 3.5 versions antérieures à 2.0.50727.8982 et 3.0.30729.8976
Microsoft	.Net	.NET 8.0 installé sur Windows versions antérieures à 8.0.26
Microsoft	.Net	Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 versions antérieures à 4.7.4141.0
Microsoft	.Net	Microsoft .NET Framework 3.5 et 4.8.1 versions antérieures à 2.0.50727.9181, 3.0.30729.9165 et 4.8.9332.0
Microsoft	.Net	Microsoft .NET Framework 3.5 et 4.8 versions antérieures à 2.0.50727.9181, 3.0.30729.9165 et 4.8.4801.0
Microsoft	.Net	.NET 10.0 installé sur Linux versions antérieures à 10.0.6
Microsoft	.Net	.NET 8.0 installé sur Linux versions antérieures à 8.0.26
Microsoft	.Net	.NET 9.0 installé sur Mac OS versions antérieures à 9.0.15
Microsoft	.Net	.NET 10.0 installé sur Windows versions antérieures à 10.0.6
Microsoft	.Net	Microsoft .NET Framework 3.5 et 4.7.2 versions antérieures à 2.0.50727.9068, 3.0.30729.9065 et 4.7.4141.0
Microsoft	.Net	.NET 8.0 installé sur Mac OS versions antérieures à 8.0.26
Microsoft	.Net	Microsoft .NET Framework 3.5 et 4.8 versions antérieures à 2.0.50727.9068, 3.0.30729.9065 et 4.8.4801.0
Microsoft	.Net	.NET 9.0 installé sur Linux versions antérieures à 9.0.15
Microsoft	.Net	.NET 9.0 installé sur Windows versions antérieures à 9.0.15
Microsoft	.Net	Microsoft .NET Framework 4.8 versions antérieures à 4.8.4801.0
Microsoft	.Net	.NET 10.0 installé sur Mac OS versions antérieures à 10.0.6

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-33116 (GCVE-0-2026-33116)

FKIE_CVE-2026-33116

MSRC_CVE-2026-33116

GHSA-37GX-XXP4-5RGX

Executive Summary:

Announcement

CVSS Details

Affected Platforms

Affected Packages

.NET 10

.NET 9

.NET 8

Advisory FAQ

How do I know if I am affected?

How do I fix the issue?

Other Information

Reporting Security Issues

Support

Disclaimer

External Links

Acknowledgements

Revisions

NCSC-2026-0114

CERTFR-2026-AVI-0443

Solutions

Tags

Sightings

Nomenclature