CVE-2026-32226

MEDIUM

.NET Framework Denial of Service Vulnerability

Title source: cna

Description

Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.

References (1)

[Vendor Advisory] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32226

Scores

CVSS v3 5.9

EPSS 0.0007

EPSS Percentile 20.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-362

Status published

Products (4)

Microsoft/Microsoft .NET Framework 3.5 AND 4.7.2 4.7.0 - 2.0.50727.9068 & 3.0.30729.9065 & 4.7.4141.0

Microsoft/Microsoft .NET Framework 3.5 AND 4.8 4.8.0 - 2.0.50727.9068 & 3.0.30729.9065 & 4.8.4801.0

Microsoft/Microsoft .NET Framework 3.5 AND 4.8.1 4.8.1 - 2.0.50727.9181 & 3.0.30729.9165 & 4.8.9332.0

Microsoft/Microsoft .NET Framework 4.8 4.8.0 - 4.8.4801.0

Published Apr 14, 2026

Tracked Since Apr 14, 2026