High severity7.5NVD Advisory· Published Apr 14, 2026· Updated May 7, 2026
CVE-2026-23666
CVE-2026-23666
Description
Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network.
Affected products
8cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*
- (no CPE)
Patches
Vulnerability mechanics
References
1- msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23666nvdVendor Advisory
News mentions
2- Patch Tuesday - April 2026Rapid7 Blog · Apr 14, 2026
- Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent VulnerabilitiesCisco Talos Intelligence · Apr 14, 2026