CVE-2026-33116 — .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

Description

Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.

How to fix CVE-2026-33116

To remediate CVE-2026-33116, upgrade the affected package to a fixed version below.

Bitnami/dotnet—upgrade to 8.0.26 or later
—upgrade to 8.0.26 or later
—upgrade to 10.0.6 or later

Is CVE-2026-33116 being exploited?

Moderate — EPSS is 8.0%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (3)

>= 8.0.0, < 8.0.26, >= 9.0.0, < 9.0.15, >= 10.0.0, < 10.0.6
>= 8.0.0, < 8.0.26, >= 9.0.0, < 9.0.15, >= 10.0.0, < 10.0.6
>= 10.0.0, < 10.0.6

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (5)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2026-33116
PATCHgithub.com/dotnet/runtime
WEBgithub.com/dotnet/announcements/issues/392
WEBgithub.com/dotnet/runtime/security/advisories/GHSA-37gx-xxp4-5rgx
WEB