CVE-2026-26127
Published: 10 March 2026
Summary
CVE-2026-26127 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Microsoft .Net. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 26.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Out-of-bounds read in .NET enables remote unauthenticated crash of processes (C:N/I:N/A:H), directly matching application/system exploitation for endpoint DoS.
NVD Description
Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.
Deeper analysisAI
CVE-2026-26127 is an out-of-bounds read vulnerability (CWE-125) affecting the .NET framework. Published on March 10, 2026, it enables an unauthorized attacker to cause a denial of service over a network. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to its impact on availability.
An unauthenticated attacker can exploit this flaw remotely with low complexity and no user interaction required. By triggering the out-of-bounds read, the attacker can crash .NET processes, leading to denial of service on affected systems hosting .NET applications.
Microsoft's Security Response Center provides mitigation guidance in its update advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26127, recommending the application of available patches to .NET installations.
Details
- CWE(s)