PatchSiren cyber security CVE debrief
CVE-2026-23666 Microsoft CVE debrief
CVE-2026-23666 is a HIGH severity vulnerability in .NET Framework that allows an unauthorized attacker to deny service over a network. The vulnerability has a CVSS score of 7.5 and was published on April 14, 2026. The vulnerability affects multiple versions of .NET Framework, including 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, and 4.8.1. Microsoft has released a vendor advisory for this vulnerability.
- Vendor: Microsoft
- Product: Microsoft .NET Framework 3.5
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-14
- Original CVE updated: 2026-06-30
- Advisory published: 2026-04-14
- Advisory updated: 2026-06-30
Who should care
Organizations using .NET Framework should prioritize patching this vulnerability to prevent potential denial-of-service attacks. The vulnerability has a high CVSS score, indicating a significant risk to affected systems. Administrators should review the affected versions and apply patches or mitigations as needed.
Technical summary
CVE-2026-23666 is an improper input validation vulnerability in .NET Framework that allows an unauthorized attacker to deny service over a network. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, a high-severity rating: the flaw is reachable over the network, has low attack complexity, and requires no privileges or user interaction, while the only impact is a high loss of availability, with no confidentiality or integrity impact. The vulnerability affects multiple versions of .NET Framework, including 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, and 4.8.1.
Defensive priority
High priority should be given to patching this vulnerability, as it allows for potential denial-of-service attacks. Administrators should review the affected versions and apply patches or mitigations as needed.
Recommended defensive actions
- Apply patches or updates for .NET Framework to prevent exploitation of this vulnerability.
- Review and update affected systems to ensure they are running a patched version of .NET Framework.
- Monitor systems for potential denial-of-service attacks.
- Implement compensating controls, such as network segmentation or access controls, to limit the impact of a potential attack.
- Verify that vendor advisories and patches are applied correctly.
Evidence notes
The CVE record and NVD detail provide information on the vulnerability, including its CVSS score and affected versions. The vendor advisory from Microsoft provides guidance on patching and mitigation. Red Hat has also provided references to its security advisories and Bugzilla entries.
Official resources
- CVE-2026-23666 CVE record (CVE.org)
- CVE-2026-23666 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article was generated with AI assistance based on the supplied source corpus.