CVE-2026-23666

HIGH7.5

JSON export Create alert

Description

Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

E

Physical

RL

O

RC

Changed

Affected products

Microsoft / Microsoft .NET Framework 3.53.5.0 – 2.0.50727.8982 & 3.0.30729.8976
Microsoft / Microsoft .NET Framework 3.5 AND 4.7.24.7.0 – 2.0.50727.9068 & 3.0.30729.9065 & 4.7.4141.0
Microsoft / Microsoft .NET Framework 3.5 AND 4.84.8.0 – 2.0.50727.9068 & 3.0.30729.9065 & 4.8.4801.0
Microsoft / Microsoft .NET Framework 3.5 AND 4.8.14.8.1 – 2.0.50727.9181 & 3.0.30729.9165 & 4.8.9332.0
Microsoft / Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.24.7.0 – 4.8.4801.0
Microsoft / Microsoft .NET Framework 4.84.8.0 – 4.8.4801.0

References

VENDOR_ADVISORYhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23666