High severity7.5NVD Advisory· Published Feb 10, 2016· Updated May 6, 2026

CVE-2016-0033

Description

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 does not prevent recursive compilation of XSLT transforms, which allows remote attackers to cause a denial of service (performance degradation) via crafted XSLT data, aka ".NET Framework Stack Overflow Denial of Service Vulnerability."

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securitytracker.com/id/1034983nvd
docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-019nvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.019
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000