
EUVD-2026-22635 | CVE-2026-33116 HIGH
Loop with Unreachable Exit Condition (Infinite Loop) (CWE-835)
2026-04-14 microsoft GHSA-37gx-xxp4-5rgx
CVSS 3.1 (NVD): 7.5
Temporal: 6.5

Severity by source

NVD (primary): 7.5 HIGH, AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ENISA EUVD: HIGH (qualitative)
CIRCL (temporal): 6.5 MEDIUM (cvss)
SUSE: HIGH (qualitative)
Red Hat: 7.5 HIGH (qualitative)

Primary rating from NVD.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline (7 events)

Re-analysis Queued: Apr 17, 2026 - 15:22, vuln.today (cvss_changed)
PoC Detected: Apr 17, 2026 - 15:10, vuln.today (Public exploit code)
Analysis Generated: Apr 14, 2026 - 19:24, vuln.today
EUVD ID Assigned: Apr 14, 2026 - 17:46, euvd (EUVD-2026-22635)
Analysis Generated: Apr 14, 2026 - 17:46, vuln.today
Patch released: Apr 14, 2026 - 17:46, nvd (Patch available)
CVE Published: Apr 14, 2026 - 16:57, nvd (HIGH 7.5)

Description (CVE.org)

Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.

Analysis (AI)

Infinite loop denial-of-service vulnerability in Microsoft .NET Framework (3.5 through 4.8.1), .NET 8.0, 9.0, and 10.0 allows unauthenticated remote attackers to exhaust server resources via specially crafted network requests. The vulnerability (CWE-835) stems from unreachable loop exit conditions in core .NET processing logic, enabling complete service disruption with low attack complexity. …

Attack Chain (AI, derived)

Hypothetical attack flow derived from CVE metadata

Access: Send crafted network request
Exploit: Trigger infinite loop in .NET parser

Vulnerability Assessment (AI)

Exploitation: No special conditions: remote unauthenticated exploitation against default .NET, .NET Framework, or Visual Studio configurations susceptible to infinite loop triggering via network requests.
Risk Assessment: This vulnerability presents moderate-to-high real-world risk despite the 7.5 CVSS score, driven primarily by its unauthenticated network attack surface and low complexity. …
Exploit Scenario: An unauthenticated attacker identifies a public-facing ASP.NET web application running vulnerable .NET Framework 4.8 or .NET 8.0 runtime. The attacker crafts malicious HTTP requests containing specially formatted input data designed to trigger vulnerable parsing routines in the .NET stack, such as malformed XML, JSON payloads with recursive references, or edge-case string encodings. …
Remediation: Apply vendor-released security updates immediately for all affected .NET installations. …

Recommended Action (AI)

Within 24 hours: Identify all systems running affected .NET versions (Framework 3.5-4.8.1, .NET 8.0, 9.0, 10.0) and prioritize internet-facing applications. …

Vendor Status

SUSE

Severity: High
Product Status
SUSE Liberty Linux 10: Fixed
SUSE Liberty Linux 8: Fixed
SUSE Liberty Linux 9: Fixed
