CVE-2026-50651
Awaiting Analysis Awaiting Analysis - Queue

BaseFortify

Vulnerability report for CVE-2026-50651, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Microsoft Corporation

Description

Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-15
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
microsoft .net *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability, identified as CVE-2026-50651, involves the allocation of resources without proper limits or throttling in .NET. An unauthorized attacker can exploit this flaw to cause a denial of service (DoS) over a network. This means the attacker can send requests or inputs that consume excessive system resources, such as memory or processing power, without being restricted, leading to the system becoming unresponsive or crashing.

The vulnerability is classified with a CVSS v3.1 BaseScore of 7.5, indicating a high severity. The vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H shows that the attack can be executed remotely (AV:N) with low complexity (AC:L), without requiring any privileges (PR:N) or user interaction (UI:N). The impact is primarily on availability (A:H), meaning the system's ability to function is severely disrupted.

Impact Analysis

If you are using a system or application built on .NET that is affected by this vulnerability, the impact could include:

  • Denial of Service (DoS): An attacker could exploit this vulnerability to make your system or application unavailable to legitimate users, causing downtime and disrupting business operations.
  • Resource Exhaustion: The system may experience high CPU or memory usage, leading to slow performance or crashes, which could affect other services running on the same infrastructure.
  • Potential for Secondary Attacks: While this vulnerability does not directly allow data theft or unauthorized access, a successful DoS attack could be used as a distraction or precursor to other malicious activities.
Compliance Impact

This vulnerability could impact compliance with common standards and regulations in the following ways:

  • GDPR (General Data Protection Regulation): While this vulnerability does not directly involve data breaches or unauthorized access to personal data, a denial of service attack could disrupt the availability of systems processing personal data. Under GDPR, organizations must ensure the availability and resilience of processing systems. Prolonged downtime could be seen as a failure to protect personal data, potentially leading to non-compliance.
  • HIPAA (Health Insurance Portability and Accountability Act): For organizations handling protected health information (PHI), a DoS attack could disrupt access to critical healthcare systems. HIPAA requires the availability of PHI to be maintained. If this vulnerability leads to system unavailability, it could result in non-compliance with HIPAA's security and availability requirements.
  • Other Standards (e.g., ISO 27001, NIST): Many compliance frameworks require organizations to implement measures to ensure system availability and protect against DoS attacks. Failure to mitigate this vulnerability could result in non-compliance with these standards, as they mandate risk assessments and the implementation of controls to address identified vulnerabilities.
Mitigation Strategies

The vulnerability involves allocation of resources without limits or throttling in .NET, leading to a denial of service. Immediate mitigation steps may include:

  • Apply the latest security patches or updates provided by Microsoft for .NET as soon as they become available.
  • Implement network-level protections such as rate limiting or throttling to restrict excessive resource consumption by unauthenticated requests.
  • Monitor network traffic and system resource usage for unusual patterns that may indicate exploitation attempts.
  • Restrict network access to vulnerable services to trusted sources only, if possible.
  • Review and enforce secure coding practices to prevent resource exhaustion vulnerabilities in custom .NET applications.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-50651. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart