CVE-2026-33116

Versions sourced from the GitHub Security Advisory.

• Dotnet/RuntimeGHSA

  Range: >= 8.0.0, <= 8.0.2
• Microsoft/Net

  cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*

  Range: >=10.0.0,<10.0.6
• Microsoft/.net Framework7 versions

  cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*+ 6 more

  • cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*

No patches discovered yet.

AI mechanics synthesis has not run for this CVE yet.

• github.com/advisories/GHSA-37gx-xxp4-5rgxghsaADVISORY
• msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33116nvdVendor AdvisoryWEB
• nvd.nist.gov/vuln/detail/CVE-2026-33116ghsaADVISORY
• github.com/dotnet/announcements/issues/392ghsaWEB
• github.com/dotnet/runtime/security/advisories/GHSA-37gx-xxp4-5rgxghsaWEB

• Living Off the Pipeline: Defending Against CI/CD Subversion
  SentinelOne Labs · May 15, 2026
• Sweet Security Launches Agentic AI Red Teaming to Counter ‘Mythos Moment’
  SecurityWeek · May 13, 2026
• New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots
  The Hacker News · May 12, 2026
• Build Application Firewalls Aim to Stop the Next Supply Chain Attack
  SecurityWeek · May 11, 2026
• Linux developers weigh emergency “killswitch” for vulnerable kernel functions
  Help Net Security · May 11, 2026
• Final Countdown: Last Chance to Join the Rapid7 Global Cybersecurity Summit
  Rapid7 Blog · May 11, 2026
• A week in security (May 4 &#8211; May 10)
  Malwarebytes Labs · May 11, 2026
• Why Security in 2026 Requires Continuous Threat and Exposure Management (CTEM) at Scale
  Rapid7 Blog · May 7, 2026
• How Cloudflare responded to the “Copy Fail” Linux vulnerability
  Cloudflare Blog · May 7, 2026
• Open-source MCP server monitoring for Python apps
  Help Net Security · May 7, 2026
• Muddying the Tracks: The State-Sponsored Shadow Behind Chaos Ransomware
  Rapid7 Blog · May 6, 2026
• Attackers adopt JavaScript runtime Bun to spread NWHStealer
  Malwarebytes Labs · May 6, 2026
• ServiceNow clears agents for landing with new AI control tower
  The Register Security · May 5, 2026
• A Walkthrough of the 2026 Global Cybersecurity Summit Agenda
  Rapid7 Blog · May 5, 2026
• UAT-8302 and its box full of malware
  Cisco Talos Intelligence · May 5, 2026
• CloudZ RAT potentially steals OTP messages using Pheno plugin
  Cisco Talos Intelligence · May 5, 2026
• TeamPCP Weekly Analysis: 2026-W18 (2026-04-27 through 2026-05-03), (Mon, May 4th)
  SANS Internet Storm Center · May 4, 2026
• Shadow IT has given way to shadow AI. Enter AI-BOMs
  The Register Security · May 4, 2026
• Code Orange: Fail Small is complete. The result is a stronger Cloudflare network
  Cloudflare Blog · May 1, 2026
• The Good, the Bad and the Ugly in Cybersecurity – Week 18
  SentinelOne Labs · May 1, 2026
• Introducing Dynamic Workflows: durable execution that follows the tenant
  Cloudflare Blog · May 1, 2026
• Microsoft won&#8217;t patch PhantomRPC: Feature or bug?
  Malwarebytes Labs · Apr 29, 2026
• Mastering agentic AI security through exposure management
  Tenable Blog · Apr 29, 2026
• 30 ClawHub skills secretly turn AI agents into a crypto swarm
  The Register Security · Apr 29, 2026
• VECT: Ransomware by design, Wiper by accident
  Check Point Research · Apr 28, 2026
• TeamPCP Supply Chain Campaign: Update 008 - 26-Day Pause Ends with Three Concurrent Compromises (Checkmarx KICS, Bitwarden CLI Cascade, xinference PyPI), CanisterSprawl npm Worm Identified, and Tier 1 Coverage Returns, (Mon, Apr 27th)
  SANS Internet Storm Center · Apr 27, 2026
• 3 Reasons to Attend our Global Cybersecurity Summit if you’re Focused on AI, Threats, and CTEM
  Rapid7 Blog · Apr 24, 2026
• AI is Changing Vulnerability Discovery and your Software Supply Chain Strategy has to Change with it
  Rapid7 Blog · Apr 23, 2026
• Making Rust Workers reliable: panic and abort recovery in wasm‑bindgen
  Cloudflare Blog · Apr 22, 2026
• Kyber Ransomware Double Trouble: Windows and ESXi Attacks Explained
  Rapid7 Blog · Apr 21, 2026
• Project Glasswing and the Next Challenge for Defenders: Turning Faster Discovery into Faster Action
  Rapid7 Blog · Apr 20, 2026
• The AI engineering stack we built internally — on the platform we ship
  Cloudflare Blog · Apr 20, 2026
• Orchestrating AI Code Review at scale
  Cloudflare Blog · Apr 20, 2026
• Metasploit Wrap-Up 04/17/2026
  Rapid7 Blog · Apr 17, 2026
• Unweight: how we compressed an LLM 22% without sacrificing quality
  Cloudflare Blog · Apr 17, 2026
• Introducing Flagship: feature flags built for the age of AI
  Cloudflare Blog · Apr 17, 2026
• Frontier AI Reinforces the Future of Modern Cyber Defense
  SentinelOne Labs · Apr 16, 2026
• Artifacts: versioned storage that speaks Git
  Cloudflare Blog · Apr 16, 2026
• Patch Tuesday - April 2026
  Rapid7 Blog · Apr 14, 2026
• Your Cloud Detection Strategy in 2026: What to Expect at the Global Cybersecurity Summit
  Rapid7 Blog · Apr 14, 2026
• 6th April – Threat Intelligence Report
  Check Point Research · Apr 6, 2026
• The Good, the Bad and the Ugly in Cybersecurity – Week 14
  SentinelOne Labs · Apr 3, 2026
• ChatGPT Data Leakage via a Hidden Outbound Channel in the Code Execution Runtime
  Check Point Research · Mar 30, 2026
• Iranian MOIS Actors & the Cyber Crime Connection
  Check Point Research · Mar 10, 2026
• Risky Business #826 -- A week of AI mishaps and skulduggery
  Risky Business · Feb 25, 2026
• ABB AC500 V3 Multiple Vulnerabilities
  CISA Alerts
• Siemens SIMATIC
  CISA Alerts
• ABB B&R Automation Runtime
  CISA Alerts
• Siemens SIMATIC
  CISA Alerts