CVE-2026-26171
Modified
Modified - Updated After Analysis
Uncontrolled Resource Consumption in .NET Causes Remote DoS
Vulnerability report for CVE-2026-26171, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-04-14
Last updated on: 2026-06-30
Assigner: Microsoft Corporation
Description
Description
Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | .net | From 10.0.0 (inc) to 10.0.6 (exc) |
| microsoft | .net | From 8.0.0 (inc) to 8.0.26 (exc) |
| microsoft | .net | From 9.0.0 (inc) to 9.0.15 (exc) |
| microsoft | powershell | From 7.5 (inc) to 7.5.6 (exc) |
| microsoft | powershell | From 7.6 (inc) to 7.6.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-611 | The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. |
| CWE-776 | The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities. |
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |