CVE-2026-26127Out-of-bounds Read in Microsoft Microsoft.bcl.memory

CWE-125Out-of-bounds ReadCWE-129Improper Validation of Array IndexCWE-1395Dependency on Vulnerable Third-Party Component16 documents10 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 69.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
17
Microsoft Microsoft.bcl.memoryMicrosoft NET 10.0Microsoft NET 9.0+14 more
Timeline
PublishedMar 10
Latest updateApr 1

Description

Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages17 packages

NVDmicrosoft/net10.0.010.0.4+1
CVEListV5microsoft/net_9.09.0.09.0.14
CVEListV5microsoft/net_10.010.0.010.0.4
NVDmicrosoft/bcl.memory9.0.09.0.14+1
CVEListV5microsoft/microsoft.bcl.memory10.0.010.0.4+1

🔴Vulnerability Details

10
GHSA
EnhancedLinq.Async is Vulnerable to Denial of Service via Transitive Dependency Microsoft.Bcl.Memory2026-04-01
OSV
EnhancedLinq.Async is Vulnerable to Denial of Service via Transitive Dependency Microsoft.Bcl.Memory2026-04-01
GHSA
idunno.Bluesky, idunno.AtProto and idunno.AtProto.OAuthCallback Denial of Service Vulnerability2026-03-13
OSV
idunno.Bluesky, idunno.AtProto and idunno.AtProto.OAuthCallback Denial of Service Vulnerability2026-03-13
OSV
dotnet8, dotnet9, dotnet10 vulnerabilities2026-03-11

📋Vendor Advisories

3
Ubuntu
.NET vulnerabilities2026-03-11
Red Hat
.net: .NET: Denial of Service via out-of-bounds read2026-03-10
Microsoft
.NET Denial of Service Vulnerability2026-03-10

🕵️Threat Intelligence

2
Tenable
March 2026 Microsoft Patch Tuesday | Tenable®2026-03-10
Wiz
CVE-2026-26127 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-26127 — Out-of-bounds Read in Microsoft | cvebase