Skip to main content

Severity by source

Vendor (microsoft) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ENISA EUVD
HIGH
qualitative
vuln.today AI
7.5 HIGH

Network-reachable, unauthenticated, low-complexity DoS with availability-only impact; no confidentiality or integrity loss, matching the buffer-overflow-to-crash behavior.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (microsoft).

CVSS VectorVendor: microsoft

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 14, 2026 - 20:43 vuln.today
CVE Published
Jul 14, 2026 - 19:29 nvd
HIGH 7.5

DescriptionCVE.org

Stack-based buffer overflow in .NET Framework allows an unauthorized attacker to deny service over a network.

AnalysisAI

Denial of service in Microsoft .NET (versions 8.0, 9.0, and 10.0) and .NET Framework (3.5 through 4.8.1) allows a remote, unauthenticated attacker to crash affected applications by triggering a stack-based buffer overflow (CWE-121) over the network. The flaw impacts availability only - there is no confidentiality or integrity loss and no code execution per the CVSS vector (A:H, C:N, I:N). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach network-exposed .NET service
Delivery
Send crafted malformed input
Exploit
Overflow fixed-size stack buffer
Execution
Corrupt stack and fault process
Impact
Service crashes (denial of service)

Vulnerability AssessmentAI

Exploitation Per the CVSS vector (AV:N/AC:L/PR:N/UI:N), no special conditions are required beyond network reachability - remote unauthenticated exploitation is possible against affected .NET and .NET Framework applications that process attacker-supplied input over the network. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) reflects a network-reachable, low-complexity, unauthenticated attack whose entire severity comes from availability impact - this is a pure DoS, not an RCE, despite the buffer-overflow root cause. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker sends a specially crafted network request or malformed input to an internet-exposed .NET or ASP.NET service, overflowing a fixed-size stack buffer during parsing and crashing the worker process. Repeating the request keeps the service offline, producing a denial of service against any consumers of that application. …
Remediation Patch available per vendor advisory: apply the latest Microsoft security updates for the affected .NET runtime and .NET Framework versions as published at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50527, and update Visual Studio 2022 (17.12/17.14) and Visual Studio 2026 (18.7) to the servicing releases that bundle the fixed components. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, audit your infrastructure for instances of Microsoft .NET 8.0, 9.0, 10.0 or .NET Framework 3.5-4.8.1 and consult the Microsoft security advisory referenced in CVE-2026-50527. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-33116 HIGH POC
7.5 Apr 14

Infinite loop denial-of-service vulnerability in Microsoft .NET Framework (3.5 through 4.8.1), .NET 8.0, 9.0, and 10.0 a

CVE-2026-26171 HIGH POC
7.5 Apr 14

Denial-of-service condition in Microsoft .NET Framework 8.0, 9.0, and 10.0 allows unauthenticated remote attackers to ex

CVE-2026-42899 HIGH POC
7.5 May 12

Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service o

CVE-2026-35433 HIGH POC
7.3 May 12

Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.

CVE-2026-32177 HIGH POC
7.3 May 12

Local privilege escalation in Microsoft .NET Framework (versions 3.5 through 10.0) and Visual Studio 2017 occurs through

CVE-2026-47303 HIGH
8.8 Jul 14

Privilege elevation in ASP.NET Core (bundled with .NET 8.0, 9.0, and 10.0) lets an already-authenticated, low-privileged

CVE-2026-47300 HIGH
8.8 Jul 14

Privilege elevation in ASP.NET Core (bundled with .NET 8.0, 9.0, and 10.0) lets an already-authenticated, low-privileged

CVE-2026-32175 MEDIUM POC
4.3 May 12

A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully

CVE-2026-50528 HIGH
8.2 Jul 14

Security feature bypass in Microsoft .NET (versions 8.0, 9.0, and 10.0) lets a remote, unauthenticated attacker circumve

CVE-2026-57108 HIGH
7.5 Jul 14

Denial of service in Microsoft .NET (versions 8.0, 9.0, and 10.0) allows a remote, unauthenticated attacker to crash or

CVE-2026-47302 HIGH
7.5 Jul 14

Denial of service in Microsoft .NET (versions 8.0, 9.0, and 10.0) and the legacy .NET Framework (3.5 through 4.8.1) allo

CVE-2026-56170 HIGH
7.5 Jul 14

Denial of service in ASP.NET Core (the web framework shipped with .NET 8.0, 9.0, and 10.0) lets a remote, unauthenticate

Share

EUVD-2026-44395 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy