PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-23666 Microsoft CVE debrief

CVE-2026-23666 is a HIGH severity vulnerability in .NET Framework that allows an unauthorized attacker to deny service over a network. The vulnerability has a CVSS score of 7.5 and was published on April 14, 2026. The vulnerability affects multiple versions of .NET Framework, including 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, and 4.8.1. Microsoft has released a vendor advisory for this vulnerability.

Vendor: Microsoft
Product: Microsoft .NET Framework 3.5
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-14
Original CVE updated: 2026-06-30
Advisory published: 2026-04-14
Advisory updated: 2026-06-30

Who should care

Organizations using .NET Framework should prioritize patching this vulnerability to prevent potential denial-of-service attacks. The vulnerability has a high CVSS score, indicating a significant risk to affected systems. Administrators should review the affected versions and apply patches or mitigations as needed.

Technical summary

CVE-2026-23666 is an improper input validation vulnerability in .NET Framework. The vulnerability allows an unauthorized attacker to deny service over a network. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating a high severity vulnerability. The vulnerability affects multiple versions of .NET Framework, including 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, and 4.8.1.

Defensive priority

Patching this vulnerability should be given high priority, as it allows for potential denial-of-service attacks.

Recommended defensive actions

  • Apply patches or updates for .NET Framework to prevent exploitation of this vulnerability.
  • Review and update affected systems to ensure they are running a patched version of .NET Framework.
  • Monitor systems for potential denial-of-service attacks.
  • Implement compensating controls, such as network segmentation or access controls, to limit the impact of a potential attack.
  • Verify that vendor advisories and patches are applied correctly.

Evidence notes

The CVE record and NVD detail provide information on the vulnerability, including its CVSS score and affected versions. The vendor advisory from Microsoft provides guidance on patching and mitigation. Red Hat has also provided references to its security advisories and Bugzilla entries.

This article was generated with AI assistance based on the supplied source corpus.