CVE-2026-33116

HIGH7.5EPSS 8.0%

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

發布日:2026/4/14修改日:2026/5/7

描述

Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.

受影響套件(3)

Bitnami/dotnet>= 8.0.0, < 8.0.26, >= 9.0.0, < 9.0.15, >= 10.0.0, < 10.0.6
Bitnami/dotnet-sdk>= 8.0.0, < 8.0.26, >= 9.0.0, < 9.0.15, >= 10.0.0, < 10.0.6
NuGet/System.Security.Cryptography.Xml>= 10.0.0, < 10.0.6

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

參考連結(5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2026-33116
PATCHhttps://github.com/dotnet/runtime
WEBhttps://github.com/dotnet/announcements/issues/392
WEBhttps://github.com/dotnet/runtime/security/advisories/GHSA-37gx-xxp4-5rgx
WEBhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33116