Apr 2026: .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
CVE-2026-33116 Published on April 14, 2026

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.

Vendor Advisory NVD

Weakness Types

What is an Infinite Loop Vulnerability?

The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. If the loop can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory.

CVE-2026-33116 has been classified to as an Infinite Loop vulnerability or weakness.

What is a Resource Exhaustion Vulnerability?

The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVE-2026-33116 has been classified to as a Resource Exhaustion vulnerability or weakness.

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.


Products Associated with CVE-2026-33116

stack.watch emails you whenever new vulnerabilities are published in Microsoft Net or Canonical Ubuntu Linux. Just hit a watch button to start following.

Microsoft Net
 
Canonical Ubuntu Linux
 

Affected Versions

Microsoft .NET 10.0: Microsoft .NET 8.0: Microsoft .NET 8.0: Microsoft .NET 9.0: Microsoft .NET Framework 3.5: Microsoft .NET Framework 3.5 AND 4.7.2: Microsoft .NET Framework 3.5 AND 4.8: Microsoft .NET Framework 3.5 AND 4.8.1: Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2: Microsoft .NET Framework 4.8: