Jul 2026: Active Directory Federation Server Denial of Service Vulnerability
CVE-2026-50647 Published on July 14, 2026
Active Directory Federation Server Denial of Service Vulnerability
Loop with unreachable exit condition ('infinite loop') in Active Directory Federation Services (AD FS) allows an unauthorized attacker to deny service over a network.
Weakness Type
What is an Infinite Loop Vulnerability?
The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. If the loop can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory.
CVE-2026-50647 has been classified to as an Infinite Loop vulnerability or weakness.
Products Associated with CVE-2026-50647
Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.
Affected Versions
Microsoft Windows 10 Version 1607:- Version 10.0.14393.0 and below 10.0.14393.9339 is affected.
- Version 10.0.17763.0 and below 10.0.17763.9020 is affected.
- Version 10.0.19044.0 and below 10.0.19044.7548 is affected.
- Version 10.0.19045.0 and below 10.0.19045.7548 is affected.
- Version 10.0.26100.0 and below 10.0.26100.8875 is affected.
- Version 10.0.26200.0 and below 10.0.26100.8875 is affected.
- Version 10.0.28000.0 and below 10.0.28000.2525 is affected.
- Version 6.2.9200.0 and below 6.2.9200.26226 is affected.
- Version 6.2.9200.0 and below 6.2.9200.26226 is affected.
- Version 6.3.9600.0 and below 6.3.9600.23291 is affected.
- Version 6.3.9600.0 and below 6.3.9600.23291 is affected.
- Version 10.0.14393.0 and below 10.0.14393.9339 is affected.
- Version 10.0.14393.0 and below 10.0.14393.9339 is affected.
- Version 10.0.17763.0 and below 10.0.17763.9020 is affected.
- Version 10.0.17763.0 and below 10.0.17763.9020 is affected.
- Version 10.0.20348.0 and below 10.0.20348.5386 is affected.
- Version 10.0.26100.0 and below 10.0.26100.33158 is affected.
- Version 10.0.26100.0 and below 10.0.26100.33158 is affected.