Skip to main content

Microsoft Net Framework 3 5 CVE-2026-23666

| EUVD-2026-22363 HIGH
Improper Handling of Exceptional Conditions (CWE-755)
2026-04-14 microsoft
Authentication Bypass Microsoft Net Framework 3 5 Microsoft Net Framework 3 5 And 4 7 2 Microsoft Net Framework 3 5 And 4 8 Microsoft Net Framework 3 5 And 4 8 1 Microsoft Net Framework 4 6 2 4 7 4 7 1 4 7 2 Microsoft Net Framework 4 8
7.5
CVSS 3.1 · NVD
Temporal: 6.7
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ENISA EUVD
HIGH
qualitative
CIRCL (temporal)
6.7 MEDIUM
cvss
Red Hat
7.5 HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 15, 2026 - 22:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 19:25 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22363
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:57 nvd
HIGH 7.5

DescriptionCVE.org

Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.

AnalysisAI

Denial of service in Microsoft .NET Framework 3.5 through 4.8.1 allows unauthenticated remote attackers to crash applications via race condition exploitation over a network. The vulnerability stems from improper synchronization when multiple threads access shared resources concurrently (CWE-755). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Send concurrent network requests
Exploit
Trigger race condition in shared resource
Execution
Exhaust system resources
Impact
Cause denial of service
Sign in to reveal

Vulnerability AssessmentAI

Exploitation No special conditions — remote unauthenticated exploitation against default .NET Framework installations accepting concurrent network connections without authentication required. Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Real-world risk is MODERATE despite the 7.5 CVSS score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated remote attacker identifies an internet-facing web application or service built on vulnerable .NET Framework versions. The attacker crafts a series of concurrent HTTP requests designed to trigger simultaneous access to shared framework resources, exploiting the race condition in thread synchronization. …
Remediation Apply vendor-released patches immediately from Microsoft Update or Windows Server Update Services (WSUS). … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: inventory all systems running .NET Framework 3.5, 4.6.2, 4.7.x, 4.8, or 4.8.1 and prioritize applications facing external network exposure. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

Share

CVE-2026-23666 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy