High

.NET Framework Denial of Service Vulnerability

IdentifiersCVE-2026-23666CWE-362

CVE-2026-23666 is a denial-of-service vulnerability in Microsoft .NET Framework. The provided content states the issue is caused by a race condition stemming from improper synchronization during concurrent execution using shared resources, and also characterizes it as improper input validation. Based on the more specific advisory language, the core flaw is a race condition in concurrent handling within affected .NET Framework components. Successful exploitation allows an unauthorized attacker to trigger a denial-of-service condition against the target over the network.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

A remote, unauthenticated attacker can cause denial of service on affected systems running vulnerable .NET Framework versions. The impact is service disruption to network clients or applications relying on the affected .NET Framework components; the content does not indicate code execution, privilege escalation, or information disclosure.

Mitigation

If you can’t patch tonight, do this now.

No specific vendor mitigation beyond patching is provided in the supplied content. Where immediate patching is not possible, reduce exposure by limiting network access to affected services and monitoring for abnormal service termination or repeated crash conditions, but the authoritative remediation is to install the Microsoft security update.

Remediation

Patch, then assume compromise.

Apply Microsoft's April 14, 2026 security update for the affected .NET Framework versions. The provided content indicates the relevant update covers .NET Framework 3.5 and 4.8.1 on Microsoft server operating system version 23H2, and is available via Windows Update, Windows Update for Business, Microsoft Update Catalog, and WSUS. Microsoft notes that a restart may be required if affected files are in use and recommends exiting .NET Framework-based applications before installation.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

Microsoft Corporation.Net Frameworkapplication

Microsoft CorporationNetapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

6 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

6 SOURCESView more in app

cyberthroneNews

Apr 15, 2026

Microsoft Patch Tuesday - April 2026 - TheCyberThrone

A critical denial-of-service vulnerability in the .NET Framework caused by a race condition.

talos intelligence blogNews

Apr 14, 2026

Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities

A critical denial-of-service vulnerability in the .NET Framework that can be exploited over the network.

microsoft supportNews

Apr 14, 2026

April 14, 2026-KB5082418 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system, version 23H2 - Microsoft Support

A denial-of-service vulnerability in .NET Framework addressed by the April 14, 2026 Microsoft security update for server operating system version 23H2.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity3

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2026-23666

NVD

nvd.nist.gov/vuln/detail/CVE-2026-23666

MITRE CWE · CWE-362

cwe.mitre.org

Vendor Advisory

msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23666