CVE-2026-26127
published 2026-03-10 · CVE-2026-26127: Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.
Priority P2 · 77 · high · 7.5 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ITW: listed in VulnCheck KEV (exploited in the wild)
EPSS 2.05% (78.8th percentile)
Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.
Affected
42 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | bcl.memory | >= 10.0.0 < 10.0.4 | 10.0.4 |
| microsoft | bcl.memory | >= 9.0.0 < 9.0.14 | 9.0.14 |
| microsoft | microsoft.bcl.memory | >= 10.0.0 < 10.0.4 | 10.0.4 |
| microsoft | microsoft.bcl.memory | >= 9.0.0 < 9.0.14 | 9.0.14 |
| microsoft | microsoft.netcore.app.runtime.linux-arm | >= 10.0.0 < 10.0.4 | 10.0.4 |
| microsoft | microsoft.netcore.app.runtime.linux-arm | >= 9.0.0 < 9.0.14 | 9.0.14 |
| microsoft | microsoft.netcore.app.runtime.linux-arm64 | >= 10.0.0 < 10.0.4 | 10.0.4 |
| microsoft | microsoft.netcore.app.runtime.linux-arm64 | >= 9.0.0 < 9.0.14 | 9.0.14 |
| microsoft | microsoft.netcore.app.runtime.linux-musl-arm | >= 10.0.0 < 10.0.4 | 10.0.4 |
| microsoft | microsoft.netcore.app.runtime.linux-musl-arm | >= 9.0.0 < 9.0.14 | 9.0.14 |
| microsoft | microsoft.netcore.app.runtime.linux-musl-arm64 | >= 10.0.0 < 10.0.4 | 10.0.4 |
| microsoft | microsoft.netcore.app.runtime.linux-musl-arm64 | >= 9.0.0 < 9.0.14 | 9.0.14 |
| microsoft | microsoft.netcore.app.runtime.linux-musl-x64 | >= 10.0.0 < 10.0.4 | 10.0.4 |
| microsoft | microsoft.netcore.app.runtime.linux-musl-x64 | >= 9.0.0 < 9.0.14 | 9.0.14 |
| microsoft | microsoft.netcore.app.runtime.linux-x64 | >= 10.0.0 < 10.0.4 | 10.0.4 |
| microsoft | microsoft.netcore.app.runtime.linux-x64 | >= 9.0.0 < 9.0.14 | 9.0.14 |
| microsoft | microsoft.netcore.app.runtime.osx-arm64 | >= 10.0.0 < 10.0.4 | 10.0.4 |
| microsoft | microsoft.netcore.app.runtime.osx-arm64 | >= 9.0.0 < 9.0.14 | 9.0.14 |
| microsoft | microsoft.netcore.app.runtime.osx-x64 | >= 10.0.0 < 10.0.4 | 10.0.4 |
| microsoft | microsoft.netcore.app.runtime.osx-x64 | >= 9.0.0 < 9.0.14 | 9.0.14 |
| microsoft | microsoft.netcore.app.runtime.win-arm | >= 10.0.0 < 10.0.4 | 10.0.4 |
| microsoft | microsoft.netcore.app.runtime.win-arm | >= 9.0.0 < 9.0.14 | 9.0.14 |
| microsoft | microsoft.netcore.app.runtime.win-arm64 | >= 10.0.0 < 10.0.4 | 10.0.4 |
Detection & IOCs (extracted from sources)
- CVE-2026-26127 is an out-of-bounds read DoS in .NET that was publicly disclosed before a patch was available; monitor for unexpected crashes or service restarts in .NET applications, particularly during or after network-facing interactions.
- Consider the risk window during .NET service restarts triggered by exploitation: an attacker may crash log forwarders or security agents to evade detection, then act during the blind spot.
- Because the issue was publicly disclosed before a patch existed, treat it as a zero-day DoS risk for unpatched .NET deployments and prioritize patching the Microsoft.Bcl.Memory and dotnet-apphost-pack-9.0 packages.
- No public exploit was known at the time of the reports cited on this page; exploitation likelihood was assessed as lower, but the pre-patch public disclosure raises the risk.
- Affected packages include Microsoft.Bcl.Memory (NuGet) and dotnet-apphost-pack-9.0; fixes were available across multiple Linux distributions and Windows as of early April 2026.
- At the time of the Wiz snapshot below, the EPSS probability was low (0.1%, 28.3rd percentile); the current EPSS figure at the top of this page is higher, and the pre-patch public disclosure still warrants prioritized patching.
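The first two notes above recommend watching for crash loops in .NET services and for security agents that die in the same window. The script below is an added example, not a detection rule from any source on this page: it parses journald-style `Main process exited` lines for systemd units, flags any unit that crashes at least three times inside five minutes, and reports any agent unit that died within five minutes of those crashes. The log lines, the unit names (`orders-api.service`, `log-forwarder.service`), the thresholds and the SIGSEGV status are constructed assumptions; the advisories say only that the process crashes, not which signal it dies with.

```python
"""Crash-loop and blind-spot detector over journald-style systemd lines.

Added example, not from any advisory or vendor on this page. It assumes a
systemd-managed .NET service plus a log-forwarding agent; the sample lines
below are constructed, not captured from a real incident.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in `journalctl -o short-iso` layout. The .NET service dies
# four times in three minutes; the log forwarder is killed once in that window.
# The SIGSEGV status is an assumption about how the crash would surface.
SAMPLE_LOG = """\
2026-03-12T10:15:02+0000 web01 systemd[1]: orders-api.service: Main process exited, code=killed, status=11/SEGV
2026-03-12T10:15:02+0000 web01 systemd[1]: orders-api.service: Scheduled restart job, restart counter is at 1.
2026-03-12T10:15:41+0000 web01 systemd[1]: orders-api.service: Main process exited, code=killed, status=11/SEGV
2026-03-12T10:15:41+0000 web01 systemd[1]: orders-api.service: Scheduled restart job, restart counter is at 2.
2026-03-12T10:16:05+0000 web01 systemd[1]: log-forwarder.service: Main process exited, code=killed, status=9/KILL
2026-03-12T10:16:05+0000 web01 systemd[1]: log-forwarder.service: Scheduled restart job, restart counter is at 1.
2026-03-12T10:16:30+0000 web01 systemd[1]: orders-api.service: Main process exited, code=killed, status=11/SEGV
2026-03-12T10:17:58+0000 web01 systemd[1]: orders-api.service: Main process exited, code=killed, status=11/SEGV
2026-03-12T14:02:10+0000 web01 systemd[1]: orders-api.service: Main process exited, code=exited, status=0/SUCCESS
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) systemd\[1\]: (?P<unit>\S+\.service): "
    r"Main process exited, code=(?P<code>\w+), status=(?P<status>\S+)$"
)


def parse_exits(text):
    """Yield (timestamp, unit, code, status) for every abnormal process exit."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # restart-scheduling and unrelated lines carry no exit
        if m["status"] == "0/SUCCESS":
            continue  # clean shutdowns are not crashes
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S%z")
        yield ts, m["unit"], m["code"], m["status"]


def find_crash_loops(text, threshold=3, window=timedelta(minutes=5)):
    """Return {unit: first crash timestamp} for units that crash at least
    `threshold` times within `window`."""
    by_unit = defaultdict(list)
    for ts, unit, _code, _status in parse_exits(text):
        by_unit[unit].append(ts)
    loops = {}
    for unit, stamps in by_unit.items():
        stamps.sort()
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                loops[unit] = stamps[i]
                break
    return loops


def find_blind_spots(text, app_units, agent_units, window=timedelta(minutes=5)):
    """Return agent units that died within `window` of a monitored app crash.

    An agent dying while the app is being crashed is the blind spot the
    second detection note warns about."""
    exits = list(parse_exits(text))
    app_ts = [ts for ts, unit, _, _ in exits if unit in app_units]
    hits = set()
    for ts, unit, _, _ in exits:
        if unit in agent_units and any(abs(ts - a) <= window for a in app_ts):
            hits.add(unit)
    return sorted(hits)


if __name__ == "__main__":
    print("crash loops:", find_crash_loops(SAMPLE_LOG))
    print("agents down during app crashes:",
          find_blind_spots(SAMPLE_LOG, {"orders-api.service"}, {"log-forwarder.service"}))
```

Feed it `journalctl -o short-iso -u '<app>.service' -u '<agent>.service'` output on Linux hosts; on Windows the equivalent signals are the Application log's .NET Runtime and Application Error events, which need a different parser but the same correlation.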
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| ghsa | | 7.5 | HIGH | |
| osv | | 7.5 | HIGH | |
| vulncheck | | 7.5 | HIGH | |
| vendor_msrc | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |
| vendor_ubuntu | | 7.5 | HIGH | |
GHSA
EnhancedLinq.Async is Vulnerable to Denial of Service via Transitive Dependency Microsoft.Bcl.Memory
ghsa·2026-04-01·CVSS 7.5
CVE-2026-26127 [HIGH] CWE-129 EnhancedLinq.Async is Vulnerable to Denial of Service via Transitive Dependency Microsoft.Bcl.Memory
EnhancedLinq.Async is Vulnerable to Denial of Service via Transitive Dependency Microsoft.Bcl.Memory
### Impact
`Microsoft.Bcl.Memory`, a transitive dependency of `EnhancedLinq.Async`, had a Denial of Service security vulnerability, [CVE-2026-26127](https://github.com/dotnet/announcements/issues/384), thus affecting `EnhancedLinq.Async` versions that had vulnerable versions of `Microsoft.Bcl.Memory` as a transitive dependency.
### Patches
`EnhancedLinq.Async` 1.0.0 Beta 3 updates the dependency on `System.Linq.AsyncEnumerable` to version 10.0.4 or newer which in turn updates the transitive dependency on `Microsoft.Bcl.Memory` from version 10.0.3 to 10.0.4 or newer, resolving the vulnerability.
### Workarounds
No workarounds exist for this vulnerability.
### How to fix the issue
To upd
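The advisory above traces the exposure through a transitive dependency, and the affected-ranges table near the top of this page gives the exact version windows. The following script is an added example, not tooling from Microsoft or from any advisory source on this page: it checks a NuGet `packages.lock.json` and the output of `dotnet --list-runtimes` against those ranges. The lock-file contents, the package `Example.Lib` and the runtime listing are constructed samples, and the folding of `Microsoft.NETCore.App.Runtime.<rid>` pack versions onto the shared-runtime version is an assumption stated in the code.

```python
"""Check a NuGet lock file and installed .NET runtimes against the affected
ranges listed on this page for CVE-2026-26127.

Added example, not tooling from Microsoft or any advisory source. The lock
file, the package Example.Lib and the runtime listing are constructed samples.
"""
import json
import re

# (lowest affected, first fixed) pairs, copied from the affected-ranges table.
# NuGet ids are case-insensitive, so keys are lower-cased.
AFFECTED = {
    "microsoft.bcl.memory": [((9, 0, 0), (9, 0, 14)), ((10, 0, 0), (10, 0, 4))],
    "microsoft.netcore.app": [((9, 0, 0), (9, 0, 14)), ((10, 0, 0), (10, 0, 4))],
}
RUNTIME_PACK_PREFIX = "microsoft.netcore.app.runtime."


def parse_version(text):
    """'10.0.3' -> (10, 0, 3); '9.0.14-preview.1' -> (9, 0, 14).

    Pre-release and build metadata are dropped, so a preview of a fixed
    version counts as fixed. That is an assumption, not something the
    advisories state; patch to a release build."""
    core = text.split("-", 1)[0].split("+", 1)[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def normalize_id(package_id):
    """Lower-case the id and fold RID-specific runtime packs onto the runtime.

    Assumption: Microsoft.NETCore.App.Runtime.<rid> packs carry the version
    of the shared runtime they ship, which the table above reflects."""
    pid = package_id.lower()
    if pid.startswith(RUNTIME_PACK_PREFIX):
        return "microsoft.netcore.app"
    return pid


def is_affected(package_id, version):
    """True when version lies inside an affected [low, fixed) window."""
    ranges = AFFECTED.get(normalize_id(package_id))
    if not ranges:
        return False
    v = parse_version(version)
    return any(low <= v < fixed for low, fixed in ranges)


# Constructed packages.lock.json: the hypothetical direct dependency Example.Lib
# pulls System.Linq.AsyncEnumerable 10.0.3, which pulls Microsoft.Bcl.Memory
# 10.0.3. contentHash fields are omitted; the audit does not need them.
SAMPLE_LOCK = json.dumps({
    "version": 1,
    "dependencies": {
        "net10.0": {
            "Example.Lib": {
                "type": "Direct", "requested": "[1.2.0, )", "resolved": "1.2.0",
                "dependencies": {"System.Linq.AsyncEnumerable": "10.0.3"},
            },
            "System.Linq.AsyncEnumerable": {
                "type": "Transitive", "resolved": "10.0.3",
                "dependencies": {"Microsoft.Bcl.Memory": "10.0.3"},
            },
            "Microsoft.Bcl.Memory": {"type": "Transitive", "resolved": "10.0.3"},
            "Newtonsoft.Json": {"type": "Direct", "requested": "[13.0.3, )", "resolved": "13.0.3"},
        }
    },
})

# Constructed `dotnet --list-runtimes` output; the version numbers are made up.
SAMPLE_RUNTIMES = """\
Microsoft.AspNetCore.App 9.0.13 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 8.0.22 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 9.0.13 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 10.0.4 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
"""
RUNTIME_RE = re.compile(r"^(?P<name>\S+) (?P<version>\S+) \[")


def audit_lock_file(lock_json):
    """Return (framework, package, resolved version, Direct/Transitive) per hit."""
    data = json.loads(lock_json)
    hits = []
    for framework, packages in data.get("dependencies", {}).items():
        for pkg, info in packages.items():
            if is_affected(pkg, info["resolved"]):
                hits.append((framework, pkg, info["resolved"], info.get("type", "")))
    return hits


def audit_runtimes(list_runtimes_output):
    """Return (runtime name, version) for each installed affected shared runtime."""
    hits = []
    for line in list_runtimes_output.splitlines():
        m = RUNTIME_RE.match(line)
        if m and is_affected(m["name"], m["version"]):
            hits.append((m["name"], m["version"]))
    return hits


if __name__ == "__main__":
    for hit in audit_lock_file(SAMPLE_LOCK):
        print("lock file:", *hit)
    for hit in audit_runtimes(SAMPLE_RUNTIMES):
        print("runtime:", *hit)
```

Run it in CI against the real `packages.lock.json` (generated when `RestorePackagesWithLockFile` is enabled in the project) and against `dotnet --list-runtimes` on each host. `dotnet list package --vulnerable --include-transitive` answers the lock-file question from NuGet's own advisory feed; the script adds nothing over it online, but it works offline and against a range list you control. .NET 8 is deliberately absent from the ranges: the Ubuntu and Red Hat entries below state that only .NET 9.0 and 10.0 are affected.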
OSV
EnhancedLinq.Async is Vulnerable to Denial of Service via Transitive Dependency Microsoft.Bcl.Memory
osv·2026-04-01·CVSS 7.5
CVE-2026-26127 [HIGH] EnhancedLinq.Async is Vulnerable to Denial of Service via Transitive Dependency Microsoft.Bcl.Memory
GHSA
idunno.Bluesky, idunno.AtProto and idunno.AtProto.OAuthCallback Denial of Service Vulnerability
ghsa·2026-03-13·CVSS 7.5
CVE-2026-26127 [HIGH] CWE-129 idunno.Bluesky, idunno.AtProto and idunno.AtProto.OAuthCallback Denial of Service Vulnerability
idunno.Bluesky, idunno.AtProto and idunno.AtProto.OAuthCallback Denial of Service Vulnerability
# idunno.Bluesky, idunno.AtProto and idunno.AtProto.OAuthCallback Denial of Service Vulnerability
## Impact
The `Microsoft.Bcl.Memory` package, a transitive dependency of `idunno.AtProto` and `idunno.AtProto.OAuthCallback` had a Denial of Service security vulnerability, [CVE-2026-26127](https://github.com/dotnet/announcements/issues/384)
## Patches
v1.7.0 updates the dependencies on `Duende.IdentityModel.OidcClient` and `Duende.IdentityModel.OidcClient.Extensions` which, in turn, updates their dependency on `Microsoft.Bcl.Memory` to 10.0.4, resolving the vulnerability.
## Workarounds
No workarounds exist for this vulnerability.
## How to fix the issue
To update your dependencies on `idu
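Both advisories above fix the problem by bumping an intermediate package so that the transitive `Microsoft.Bcl.Memory` lands on 10.0.4. When the intermediate package has not shipped a fix yet, a consumer can force the version directly. The project file below is an added example and not from either project: `Example.Lib` is a hypothetical package that pulls in a vulnerable `Microsoft.Bcl.Memory`, and the direct `PackageReference` to 10.0.4 overrides the transitive resolution under NuGet's nearest-wins rule. The `NuGetAudit*` properties make restore warn on known-vulnerable packages, including transitive ones, and the `WarningsAsErrors` line turns those warnings (NU1901 to NU1904, by severity) into build failures.

```xml
<!-- Added example: hypothetical project, not from the idunno or EnhancedLinq repositories. -->
<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <TargetFramework>net10.0</TargetFramework>
    <!-- Fail restore on a known-vulnerable package, direct or transitive. -->
    <NuGetAudit>true</NuGetAudit>
    <NuGetAuditMode>all</NuGetAuditMode>
    <NuGetAuditLevel>high</NuGetAuditLevel>
    <WarningsAsErrors>$(WarningsAsErrors);NU1901;NU1902;NU1903;NU1904</WarningsAsErrors>
  </PropertyGroup>
  <ItemGroup>
    <!-- Hypothetical library whose dependency graph resolves Microsoft.Bcl.Memory 10.0.3. -->
    <PackageReference Include="Example.Lib" Version="1.2.0" />
    <!-- A direct reference wins over the transitive one (nearest-wins), lifting it to the fixed build. -->
    <PackageReference Include="Microsoft.Bcl.Memory" Version="10.0.4" />
  </ItemGroup>
</Project>
```

Verify the override took effect with `dotnet list package --include-transitive` and confirm nothing vulnerable remains with `dotnet list package --vulnerable --include-transitive`. The direct reference can be dropped once the intermediate package publishes its own fix, as the two advisories above did.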
OSV
idunno.Bluesky, idunno.AtProto and idunno.AtProto.OAuthCallback Denial of Service Vulnerability
osv·2026-03-13·CVSS 7.5
CVE-2026-26127 [HIGH] idunno.Bluesky, idunno.AtProto and idunno.AtProto.OAuthCallback Denial of Service Vulnerability
OSV
dotnet8, dotnet9, dotnet10 vulnerabilities
osv·2026-03-11·CVSS 7.5
CVE-2026-26127 [HIGH] dotnet8, dotnet9, dotnet10 vulnerabilities
dotnet8, dotnet9, dotnet10 vulnerabilities
It was discovered that the .NET Microsoft.Bcl.Memory NuGet package did not properly handle certain malformed Base64Url encoded input. An attacker could possibly use this issue to cause .NET to crash, resulting in a denial of service. This issue only affected .NET 9.0 and .NET 10.0. (CVE-2026-26127)
Bartłomiej Dach discovered that .NET's SignalR server component did not properly manage resource consumption when processing certain messages. An attacker could possibly use this issue to exhaust internal buffers, resulting in a denial of service. (CVE-2026-26130)
OSV
.NET Denial of Service Vulnerability
osv·2026-03-11·CVSS 7.5
CVE-2026-26127 [HIGH] .NET Denial of Service Vulnerability
.NET Denial of Service Vulnerability
# Microsoft Security Advisory CVE-2026-26127 – .NET Denial of Service Vulnerability
## Executive summary
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 9.0 and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
A denial of service vulnerability exists in .NET and Microsoft.Bcl.Memory due to an out-of-bounds read when decoding malformed Base64Url input.
## Announcement
Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/384
## CVSS Details
- **Version:** 3.1
- **Score:** 7.5
- **Vector:** `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C`
- **Severity:** High
- **Wea
GHSA
.NET Denial of Service Vulnerability
ghsa·2026-03-11·CVSS 7.5
CVE-2026-26127 [HIGH] CWE-125 .NET Denial of Service Vulnerability
OSV
CVE-2026-26127: Out-of-bounds read in
osv·2026-03-10·CVSS 7.5
CVE-2026-26127 [HIGH] CVE-2026-26127: Out-of-bounds read in
Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.
VulnCheck
Microsoft .net Out-of-bounds Read
vulncheck·2026·CVSS 7.5
CVE-2026-26127 [HIGH] Microsoft .net Out-of-bounds Read
Microsoft .net Out-of-bounds Read
Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.
Affected: Microsoft .net
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.recordedfuture.com/blog/march-2026-cve-landscape
Ubuntu
.NET vulnerabilities
vendor_ubuntu·2026-03-11·CVSS 7.5
CVE-2026-26127 [HIGH] .NET vulnerabilities
Title: .NET vulnerabilities
Summary: Several security issues were fixed in .NET.
It was discovered that the .NET Microsoft.Bcl.Memory NuGet package did not properly handle certain malformed Base64Url encoded input. An attacker could possibly use this issue to cause .NET to crash, resulting in a denial of service. This issue only affected .NET 9.0 and .NET 10.0. (CVE-2026-26127)
Bartłomiej Dach discovered that .NET's SignalR server component did not properly manage resource consumption when processing certain messages. An attacker could possibly use this issue to exhaust internal buffers, resulting in a denial of service. (CVE-2026-26130)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
.net: .NET: Denial of Service via out-of-bounds read
vendor_redhat·2026-03-10·CVSS 7.5
CVE-2026-26127 [HIGH] CWE-125 .net: .NET: Denial of Service via out-of-bounds read
.net: .NET: Denial of Service via out-of-bounds read
Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.
A flaw was found in .NET. An unauthorized attacker can exploit an out-of-bounds read vulnerability over a network, leading to a Denial of Service (DoS). This can prevent legitimate users from accessing the affected service.
Mitigation: To mitigate this issue, restrict network access to applications utilizing affected .NET components to only trusted clients or networks using firewall rules. This will limit the exposure of the vulnerable service to potential attackers. After applying firewall rules, ensure to reload or restart the network service for changes to take effect.
Package: dotnet8.0 (Red Hat Enterprise Linux 10) - Not affected
Package:
Microsoft
.NET Denial of Service Vulnerability
vendor_msrc·2026-03-10·CVSS 7.5
CVE-2026-26127 [HIGH] CWE-125 .NET Denial of Service Vulnerability
.NET Denial of Service Vulnerability
Description: Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.
Product: .NET
Vendor: Microsoft
Customer Action Required: Yes
Impact: Denial of Service
Exploit Status: Publicly Disclosed: Yes; Exploited: No; Latest Software Release: Exploitation Unlikely
Reference: https://www.nuget.org/packages/Microsoft.Bcl.Memory#versions-body-tab
Reference: https://dotnet.microsoft.com/download/dotnet/10.0
Reference: https://support.microsoft.com/help/5081276
Reference: https://dotnet.microsoft.com/en-us/download/dotnet/9.0
Reference: https://support.microsoft.com/help/5081278
No detection rules found.
No public exploits indexed.
Sophos
March Patch Tuesday visits 15 product families
blogs_sophos·2026-03-13
March Patch Tuesday visits 15 product families
Krebs
Microsoft Patch Tuesday, March 2026 Edition
blogs_krebs·2026-03-11·CVSS 8.8
CVE-2026-21262 [HIGH] Microsoft Patch Tuesday, March 2026 Edition
Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing “zero-day” flaws this month (compared to February’s five zero-day treat), but as usual some patches may deserve more rapid attention from organizations using Windows. Here are a few highlights from this month’s Patch Tuesday.
Two of the bugs Microsoft patched today were publicly disclosed previously. CVE-2026-21262 is a weakness that allows an attacker to elevate their privileges on SQL Server 2016 and later editions.
“This isn’t just any elevation of privilege vulnerability, either; the advisory notes that an authorized attacker can elevate privileges to sysadmin over a network,” Rapid7’s Adam Barnett said. “The CVSS v3 base score of
Tenable
March 2026 Microsoft Patch Tuesday | Tenable®
blogs_tenable·2026-03-10·CVSS 8.8
CVE-2026-21262 [HIGH] March 2026 Microsoft Patch Tuesday | Tenable®
# Microsoft’s March 2026 Patch Tuesday Addresses 83 CVEs (CVE-2026-21262, CVE-2026-26127)
Research Special Operations
March 10, 2026
4 Min Read
- 8 Critical
- 75 Important
- 0 Moderate
- 0 Low
Microsoft addresses 83 CVEs including two vulnerabilities that were publicly disclosed prior to a patch being released.
Microsoft patched 83 CVEs in its March 2026 Patch Tuesday release, with eight rated critical and 75 rated as important. Our counts omitted one CVE (CVE-2026-26030) assigned by GitHub.
This month’s update includes patches for:
- .NET
- ASP.NET Core
- Active Directory Domain Services
- Azure Arc
- Azure Compute Gallery
- Azure Entra ID
- Azure IoT Explorer
- Azure Linux Virtual Machines
- Azure MCP Server
- Azure Portal Windows Admin Cen
Qualys
Microsoft and Adobe Patch Tuesday, March 2026 Security Update Review | Qualys
blogs_qualys·2026-03-10
Microsoft and Adobe Patch Tuesday, March 2026 Security Update Review | Qualys
#### Table of Contents
- Microsoft Patch Tuesday for March 2026
- Adobe Patches for March 2026
- Zero-day Vulnerabilities Patched in March Patch Tuesday Edition
- Critical Severity Vulnerabilities Patched in March Patch Tuesday Edition
- Other Microsoft Vulnerability Highlights
- Microsoft Release Summary
- Discover and Prioritize Vulnerabilities in Vulnerability Management, Detection & Response (VMDR)
- Rapid Response with TruRisk Eliminate
- Qualys Monthly Webinar Series
Microsoft has rolled out its March 2026 Patch Tuesday updates, delivering a fresh batch of security fixes designed to keep Windows environments protected from emerging threats. The release addresses multiple vulnerabilities spanning Windows components and other Microsoft products. Here’s a quick breakdown of what you need to
Bleepingcomputer
Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws
blogs_bleepingcomputer·2026-03-10·CVSS 8.8
[HIGH] Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws
## Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws
## Lawrence Abrams
The number of bugs in each vulnerability category is listed below:
- 46 Elevation of Privilege Vulnerabilities
- 2 Security Feature Bypass Vulnerabilities
- 18 Remote Code Execution Vulnerabilities
- 10 Information Disclosure Vulnerabilities
- 4 Denial of Service Vulnerabilities
- 4 Spoofing Vulnerabilities
When BleepingComputer reports on Patch Tuesday security updates, we only count those released by Microsoft today. Therefore, the number of flaws does not include 9 Microsoft Edge flaws, Mariner, Payment Orchestrator Service, Azure, and Microsoft Devices Pricing Program flaws fixed earlier this month.
To learn more about the non-security updates released today, you can review our dedicated articles on the
Rapid7
Patch Tuesday - March 2026
blogs_rapid7·2026-03-10·CVSS 8.8
[HIGH] Patch Tuesday - March 2026
Microsoft is publishing 77 vulnerabilities this March 2026 Patch Tuesday. Microsoft is aware of public disclosure of two of today’s vulnerabilities, but without evidence of exploitation in the wild for any (yet), so there are no Microsoft additions to CISA KEV today. Earlier in the month, Microsoft provided patches to address nine browser vulnerabilities, which are not included in the Patch Tuesday count above.
### SQL Server: zero-day remote EoP
SQL Server often goes several months in a row without any mention on Patch Tuesday. Today, however, all versions from the latest and greatest SQL Server 2025 back as far as SQL Server 2016 SP3 receive patches for CVE-2026-21262, a SQL Server elevation of privilege vulnerability. This isn’t just any elevation of privilege vulnerability, either; t
Crowdstrike
March 2026 Patch Tuesday: Updates and Analysis
blogs_crowdstrike
March 2026 Patch Tuesday: Updates and Analysis
March 2026 Patch Tuesday: Eight Critical Vulnerabilities and Two Publicly Disclosed Among 82 CVEs Patched (Mar 10, 2026)
Sophos
March Patch Tuesday visits 15 product families
blogs_sophos
March Patch Tuesday visits 15 product families
Microsoft on Tuesday released 84 patches affecting 15 product families – including a few you’ve possibly never encountered. Eight of the addressed issues are considered by Microsoft to be of Critical severity, though none of those affect Windows, nor are they expected to be exploited within the next 30 days. In addition, five of those Critical issues were in fact addressed by Microsoft in advance of Patch Tuesday itself, as we’ll discuss below. Twenty-two have a CVSS base score of 8.0 or higher, including one with a 9.8 base score. None are known to be under active exploit in the wild, but two are publicly disclosed so far.
At patch time, six CVEs are judged more likely to be exploited in the next 30 days by the company’s estimation. Various of this month’s issues are amenable
Wiz
CVE-2026-26127 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-26127 [HIGH] CVE-2026-26127 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-26127: C# vulnerability analysis and mitigation
Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.
Source : NVD
Score: 7.5
Published March 10, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies: C#, .NET SDK
Has Public Exploit: No
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 28.3
Exploitation Probability (EPSS): 0.1
Affected packages and libraries: Microsoft.Bcl.Memory, dotnet-apphost-pack-9.0
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 13, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 17, 2026
Alpine 3.21, 3.22, 3.23 Severity HIGH Has Fix Added at: Mar 13, 2026
Alpine edge Severity HIGH Has Fix Added at: Mar 14, 2026
Chai
Wiz
CVE-2026-4111 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-4111 [HIGH] CVE-2026-4111 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4111 :
Rocky Linux vulnerability analysis and mitigation
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.
Source : NVD
## 7.5
Score
Published March 13, 2026
Severity HIGH
CNA Score
Wiz
CVE-2025-14905 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2025-14905 [MEDIUM] CVE-2025-14905 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14905 :
Rocky Linux vulnerability analysis and mitigation
schema_attr_enum_callback
schema.c
Source : NVD
## 7.2
Score
Published February 23, 2026
Severity HIGH
CNA Score 7.2
Affected Technologies
Rocky Linux
Alma Linux
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 64.4
Exploitation Probability (EPSS) 0.5
Affected packages and libraries
python3-lib389
389-ds-base-legacy-tools
Sources
NVD
AlmaLinux 8 Severity MEDIUM Has Fix Added at: Mar 29, 2026
AlmaLinux 9 Severity MEDIUM Has Fix Added at: Mar 02, 2026
Debian 11, 12, 13 Severity HIGH No Fix Added at: Feb 24, 2026
Echo Severity HIGH No Fix Added at: Feb 24, 2026
Red Hat 6, 7 Severity MEDIUM No Fix Added at: F
Wiz
CVE-2026-1299 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.0
CVE-2026-1299 [MEDIUM] CVE-2026-1299 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1299 :
Rocky Linux vulnerability analysis and mitigation
The
email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when
serializing an email message allowing for header injection when an email
is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email folding rules, the new behavior will reject the incorrectly folded headers in "BytesGenerator".
Source : NVD
## 6
Score
Published January 23, 2026
Severity MEDIUM
CNA Score 6.0
Affected Technologies
Rocky Linux
Python Interpreter
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 13.5
Exploitation Probability (EPSS) N/A
Affected pac
Wiz
CVE-2025-12801 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2025-12801 [MEDIUM] CVE-2025-12801 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-12801 :
Rocky Linux vulnerability analysis and mitigation
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the
privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported directory, regardless of the set file permissions, and regardless of any 'root_squash' or 'all_squash' attributes that would normally be expected to apply to that client.
Source : NVD
## 6.5
Score
Published March 4, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
Rocky Linux
Alma Linux
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probabilit
Wiz
CVE-2025-15366 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.9
CVE-2025-15366 [MEDIUM] CVE-2025-15366 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-15366 :
Rocky Linux vulnerability analysis and mitigation
The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
Source : NVD
## 5.9
Score
Published January 20, 2026
Severity MEDIUM
CNA Score 5.9
Affected Technologies
Rocky Linux
Python Interpreter
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 23.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
python311-testsuite
python36:3.6::python-pymongo
Sources
AlmaLinux 8 Severity MEDIUM Has Fix Added at: Feb 08, 2026
AlmaLinux 9 Severity MEDIUM Has Fix Added at: Mar 12, 2026
Chainguard
Tenable
Blog
blogs_tenable
Blog
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Wiz
CVE-2026-1761 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.6
CVE-2026-1761 [HIGH] CVE-2026-1761 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1761 :
Rocky Linux vulnerability analysis and mitigation
A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.
Source : NVD
## 8.6
Score
Published February 2, 2026
Severity HIGH
CNA Score 8.6
Affected Technologies
Rocky Linux
Alma Linux
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Explo
Wiz
CVE-2026-0719 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.6
## CVE-2026-0719 :
Rocky Linux vulnerability analysis and mitigation
A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.
Source : NVD
## 8.6
Score
Published January 8, 2026
Severity HIGH
CNA Score 8.6
Affected Technologies
Rocky Linux
Alma Linux
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Pe
Tenable
Blog
blogs_tenable·CVSS 7.8
# Tenable blog
Featured
March 17, 2026
## Operation Epic Fury: Why exposure data changes everything about Iran's cyber-kinetic campaign
Iran's retaliatory campaign following Operation Epic Fury has collapsed the boundary between physical and digital warfare. Tenable's exposure data analysis across seven target countries reveals that the largest exploitable attack surface isn't the headline threat, it's a Microsoft Word N-day affecting nearly 14 million assets.
Robert Huber
March 17, 2026
## FAQ on CVE-2026-21514: OLE bypass N-Day in Microsoft Word
An N-day vulnerability in Microsoft Word exposes nearly 14 million assets. Attackers can exploit this flaw to bypass security prompts, enabling deployment of malware and establishing persistent access without triggering user w
Wiz
CVE-2026-0865 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.9
## CVE-2026-0865 :
Rocky Linux vulnerability analysis and mitigation
User-controlled header names and values containing newlines can allow injecting HTTP headers.
Source : NVD
## 5.9
Score
Published January 20, 2026
Severity MEDIUM
CNA Score 5.9
Affected Technologies
Rocky Linux
Python Interpreter
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 32.7
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
python3.15-freethreading-libs
python313-nogil
Sources
NVD
AlmaLinux 8 Severity MEDIUM Has Fix Added at: Feb 08, 2026
AlmaLinux 9 Severity MEDIUM Has Fix Added at: Mar 13, 2026
CBL-Mariner 2.0 Severity MEDIUM Has Fix Added at: Mar 10, 2026
CBL-Mariner 3.0 Severity
Wiz
CVE-2025-15367 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.9
## CVE-2025-15367 :
Rocky Linux vulnerability analysis and mitigation
The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
Source : NVD
## 5.9
Score
Published January 20, 2026
Severity MEDIUM
CNA Score 5.9
Affected Technologies
Rocky Linux
Python Interpreter
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 23.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
python310-tk
python312-tk
Sources
AlmaLinux 8 Severity MEDIUM Has Fix Added at: Feb 08, 2026
AlmaLinux 9 Severity MEDIUM Has Fix Added at: Mar 12, 2026
Chainguard Has Fix Added at: Jan 28
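The two Python entries above (CVE-2026-0865, newlines in user-controlled header names and values; CVE-2025-15367, newlines in a user-controlled poplib command) are the same bug class: a CR or LF that reaches the wire terminates the current line and whatever follows is parsed as a new header or a new command. The block below is an added example, not code from CPython's http.client or poplib and not from the Wiz pages; it builds a naive serialiser next to one that applies the mitigation those pages describe (reject control characters), and shows what the receiving side parses in each case. The header values, the POP3 argument and the `X-Injected` name are constructed inputs.

```python
"""Constructed demonstration of CR/LF injection through user-controlled HTTP
header names/values and POP3 command arguments, beside the check that rejects
control characters. Added example; not code from CPython, http.client or
poplib. Every input below is made up for illustration."""

from __future__ import annotations

import re

# Any ASCII control character, including CR (0x0D) and LF (0x0A). CR/LF are
# what terminate a header line or a POP3 command, so they are the dangerous
# ones; rejecting the whole control range is the conservative choice.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")

# RFC 7230 "token" characters: the only characters legal in a header field
# name. Checked with fullmatch(), not match() + '$', because '$' would accept
# a name that ends in a single trailing newline.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def has_control_chars(s: str) -> bool:
    return _CONTROL.search(s) is not None


def serialize_headers_unsafe(headers: dict) -> bytes:
    """Naive serialiser: joins names and values exactly as given."""
    lines = [f"{name}: {value}\r\n" for name, value in headers.items()]
    return ("".join(lines) + "\r\n").encode("latin-1")


def serialize_headers_safe(headers: dict) -> bytes:
    """Hardened serialiser: validates every name and value before joining."""
    for name, value in headers.items():
        if not _TOKEN.fullmatch(name):
            raise ValueError(f"invalid header name {name!r}")
        if has_control_chars(value):
            raise ValueError(f"control character in value of {name!r}")
    return serialize_headers_unsafe(headers)


def parse_header_block(raw: bytes) -> list[tuple[str, str]]:
    """Split a header block the way a receiver does: one field per CRLF."""
    fields = []
    for line in raw.decode("latin-1").split("\r\n"):
        if not line:  # blank line ends the header block
            break
        name, _, value = line.partition(":")
        fields.append((name.strip(), value.strip()))
    return fields


def pop3_command_unsafe(verb: str, arg: str) -> bytes:
    """Naive POP3 command builder: the argument is trusted as given."""
    return f"{verb} {arg}\r\n".encode("latin-1")


def pop3_command_safe(verb: str, arg: str) -> bytes:
    """Hardened builder: refuses any control character in verb or argument."""
    if has_control_chars(verb) or has_control_chars(arg):
        raise ValueError("control character in POP3 command")
    return pop3_command_unsafe(verb, arg)


def split_pop3_stream(raw: bytes) -> list[bytes]:
    """How a POP3 server sees the bytes: one command per CRLF."""
    return [cmd for cmd in raw.split(b"\r\n") if cmd]


def safe_rejects_header(name: str, value: str) -> bool:
    try:
        serialize_headers_safe({name: value})
    except ValueError:
        return True
    return False


def safe_rejects_pop3(verb: str, arg: str) -> bool:
    try:
        pop3_command_safe(verb, arg)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed attacker-controlled inputs.
    evil_value = "bar\r\nX-Injected: yes"  # splits into a second header
    evil_name = "X-Foo\nX-Also-Injected"   # a bare LF in a name is enough
    evil_user = "alice\r\nDELE 1"          # smuggles a second POP3 command

    print(parse_header_block(serialize_headers_unsafe({"X-Foo": evil_value})))
    print(safe_rejects_header("X-Foo", evil_value), safe_rejects_header(evil_name, "x"))
    print(split_pop3_stream(pop3_command_unsafe("USER", evil_user)))
    print(safe_rejects_pop3("USER", evil_user))
```

The receiving side never sees the difference between a header the application meant to send and one the attacker appended, so the check has to happen at the point where untrusted data is joined into the protocol line. Rejecting the full control range, rather than only CR and LF, also covers a bare LF (which many parsers accept as a line terminator) and NUL, which can truncate the line in C-based receivers.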
Wiz
CVE-2025-14523 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.2
## CVE-2025-14523 :
Rocky Linux vulnerability analysis and mitigation
A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the backend interprets it as destined for another host. This discrepancy enables request-smuggling style attacks, cache poisoning, or bypassing host-based access controls when an attacker supplies duplicate Host headers.
Source : NVD
## 8.2
Score
Published December 11, 2025
Severity HIGH
CNA Score 8.2
Affected Technologies
Rocky Linux
Alma Linux
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
Bugzilla
CVE-2026-26127 .net: .NET: Denial of Service via out-of-bounds read
bugzilla·2026-03-10·CVSS 7.5
Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.
Discussion:
This issue has been addressed in the following products:
- Red Hat Enterprise Linux 10, via RHSA-2026:4450 https://access.redhat.com/errata/RHSA-2026:4450
- Red Hat Enterprise Linux 10, via RHSA-2026:4453 https://access.redhat.com/errata/RHSA-2026:4453
- Red Hat Enterprise Linux 8, via RHSA-2026:4443 https://access.redhat.com/errata/RHSA-2026:4443
- Red Hat Enterprise Linux 8, via RHSA-2026:4458 https://access.redhat.com/errata/RHSA-2026