CVE-2026-32226

Published Apr 14, 2026

Last updated 11 days ago

CVSS medium 5.9

Overview

Description: Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.
Source: secure@microsoft.com
NVD status: Analyzed
Products: .net_framework

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.9
Impact score: 3.6
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

Weaknesses

secure@microsoft.com: CWE-362

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*",
            "matchCriteriaId": "23317443-1968-4791-9F20-AD3B308A83D1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
            "matchCriteriaId": "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:arm64:*",
            "matchCriteriaId": "73D24713-D897-408D-893B-77A61982597D",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*",
            "matchCriteriaId": "306B7CE6-8239-4AED-9ED4-4C9F5B349F58",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*",
            "matchCriteriaId": "23317443-1968-4791-9F20-AD3B308A83D1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
            "matchCriteriaId": "2D3F18AF-84ED-473B-A8DF-65EB23C475AF",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:arm64:*",
            "matchCriteriaId": "73D24713-D897-408D-893B-77A61982597D",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*",
            "matchCriteriaId": "306B7CE6-8239-4AED-9ED4-4C9F5B349F58",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*",
            "matchCriteriaId": "345FCD64-D37B-425B-B64C-8B1640B7E850",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_20h2:-:*:*:*:*:*:x64:*",
            "matchCriteriaId": "23DB22F4-7FFB-4B77-A4BF-EC097938E239",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
            "matchCriteriaId": "2D3F18AF-84ED-473B-A8DF-65EB23C475AF",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*",
            "matchCriteriaId": "5E491E46-1917-41FE-8F9A-BB0BDDEB42C3",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
            "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*",
            "matchCriteriaId": "23317443-1968-4791-9F20-AD3B308A83D1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "934D4E46-12C1-41DC-A28C-A2C430E965E4",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_26h1:-:*:*:*:*:*:arm64:*",
            "matchCriteriaId": "CBFE0371-0C4D-406A-9EC7-456104271C3E",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_26h1:-:*:*:*:*:*:x64:*",
            "matchCriteriaId": "F2B83840-FCE8-445A-AE55-ACEDA6534FA1",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2025:-:*:*:*:*:*:x64:*",
            "matchCriteriaId": "FE97605F-7942-435A-9F5B-D51FA19A41AD",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References