CVE-2026-33116 — Improper Input Validation in Microsoft NET Framework 3.5
Severity
7.5HIGHNVD
EPSS
0.9%
top 25.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 14
Latest updateApr 15
Description
Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6
Affected Packages9 packages
▶CVEListV5microsoft/microsoft_net_framework_3.5_and_4.84.8.0 — 2.0.50727.9068 & 3.0.30729.9065 & 4.8.4801.0
▶CVEListV5microsoft/microsoft_net_framework_3.5_and_4.7.24.7.0 — 2.0.50727.9068 & 3.0.30729.9065 & 4.7.4141.0
▶CVEListV5microsoft/microsoft_net_framework_3.5_and_4.8.14.8.1 — 2.0.50727.9181 & 3.0.30729.9165 & 4.8.9332.0
🔴Vulnerability Details
3📋Vendor Advisories
2💬Community
4Bugzilla▶
CVE-2026-33116 dotnet8.0: .NET: Denial of Service via Infinite Recursion in XmlDecryptionTransform [fedora-all]↗2026-04-14
Bugzilla▶
CVE-2026-33116 dotnet9.0: .NET: Denial of Service via Infinite Recursion in XmlDecryptionTransform [fedora-all]↗2026-04-14
Bugzilla▶
CVE-2026-33116 dotnet10.0: .NET: Denial of Service via Infinite Recursion in XmlDecryptionTransform [fedora-all]↗2026-04-14
Bugzilla▶
CVE-2026-33116 dotnet: .NET: Denial of Service via Infinite Recursion in XmlDecryptionTransform↗2026-04-13