CVE-2026-23666 — Improper Handling of Exceptional Conditions in Microsoft NET Framework 3.5
Severity
7.5HIGHNVD
EPSS
0.1%
top 75.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 14
Description
Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6
Affected Packages6 packages
▶CVEListV5microsoft/microsoft_net_framework_3.5_and_4.84.8.0 — 2.0.50727.9068 & 3.0.30729.9065 & 4.8.4801.0
▶CVEListV5microsoft/microsoft_net_framework_3.5_and_4.7.24.7.0 — 2.0.50727.9068 & 3.0.30729.9065 & 4.7.4141.0
▶CVEListV5microsoft/microsoft_net_framework_3.5_and_4.8.14.8.1 — 2.0.50727.9181 & 3.0.30729.9165 & 4.8.9332.0
🔴Vulnerability Details
2📋Vendor Advisories
1🕵️Threat Intelligence
1💬Community
4Bugzilla▶
CVE-2026-23666 dotnet10.0: .NET Framework: Denial of Service via Race Condition [fedora-all]↗2026-04-14
Bugzilla▶
CVE-2026-23666 dotnet8.0: .NET Framework: Denial of Service via Race Condition [fedora-all]↗2026-04-14
Bugzilla▶
CVE-2026-23666 dotnet9.0: .NET Framework: Denial of Service via Race Condition [fedora-all]↗2026-04-14