CVE-2026-33116 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 92%

Affected Products (NVD)

Vendor	Product	Version
microsoft	.net	10.0.0 ≤ 𝑥 < 10.0.6
microsoft	.net	8.0.0 ≤ 𝑥 < 8.0.26
microsoft	.net	9.0.0 ≤ 𝑥 < 9.0.15
microsoft	.net_framework	3.5
microsoft	.net_framework	3.5
microsoft	.net_framework	4.7.2
microsoft	.net_framework	4.6.2
microsoft	.net_framework	4.7
microsoft	.net_framework	4.7.1
microsoft	.net_framework	4.7.2
microsoft	.net_framework	3.5
microsoft	.net_framework	4.8
microsoft	.net_framework	3.5
microsoft	.net_framework	4.8.1
microsoft	.net_framework	4.8

𝑥

= Vulnerable software versions

Windows Releases

Platform

Version

Windows 10

1607 (x64, x86)	KB5082411
1809 (arm64, x64, x86)	KB5082413
1809 (arm64, x64, x86)	KB5082414
21H2 (arm64, x64, x86)	KB5082426
21H2 (arm64, x64, x86)	KB5082419
22H2 (arm64, x64, x86)	KB5082419
22H2 (arm64, x64, x86)	KB5082426

Windows 11

22H2 (arm64, x64)	KB5082424
23H2 (arm64, x64)	KB5082424
24H2 (arm64, x64)	KB5082420
25H2 (arm64, x64)	KB5082417
26H1 (arm64, x64)	KB5082421

Windows Server 2012

Server Core	KB5082398
Server Core	KB5082400
Server Core	KB5082403
Standard	KB5082398
Standard	KB5082400
Standard	KB5082403

Windows Server 2012 R2

Server Core	KB5082398
Server Core	KB5082402
Server Core	KB5082403
Standard	KB5082398
Standard	KB5082402
Standard	KB5082403

Windows Server 2022

23H2 Server Core	KB5082418
Server Core	KB5082425
Server Core	KB5082427
Standard	KB5082425
Standard	KB5082427

Windows Server 2025

Server Core	KB5082417
Standard	KB5082417

Red Hat Enterprise Linux Releases

Red Hat Product

Release

aspnetcore-runtime-10.0

RHEL 8	0:10.0.6-1.el8_10 fixed
RHEL 9	0:10.0.6-1.el9_7 fixed

aspnetcore-runtime-8.0

RHEL 8	0:8.0.26-1.el8_10 fixed
RHEL 9	0:8.0.26-1.el9_7 fixed

aspnetcore-runtime-9.0

RHEL 8	0:9.0.15-1.el8_10 fixed
RHEL 9	0:9.0.15-1.el9_7 fixed

aspnetcore-runtime-dbg-10.0

RHEL 8	0:10.0.6-1.el8_10 fixed
RHEL 9	0:10.0.6-1.el9_7 fixed

aspnetcore-runtime-dbg-8.0

RHEL 8	0:8.0.26-1.el8_10 fixed
RHEL 9	0:8.0.26-1.el9_7 fixed

aspnetcore-runtime-dbg-9.0

RHEL 8	0:9.0.15-1.el8_10 fixed
RHEL 9	0:9.0.15-1.el9_7 fixed

aspnetcore-targeting-pack-10.0

RHEL 8	0:10.0.6-1.el8_10 fixed
RHEL 9	0:10.0.6-1.el9_7 fixed

aspnetcore-targeting-pack-8.0

RHEL 8	0:8.0.26-1.el8_10 fixed
RHEL 9	0:8.0.26-1.el9_7 fixed

aspnetcore-targeting-pack-9.0

RHEL 8	0:9.0.15-1.el8_10 fixed
RHEL 9	0:9.0.15-1.el9_7 fixed

dotnet

RHEL 8

0:10.0.106-1.el8_10

fixed

dotnet-apphost-pack-10.0

RHEL 8	0:10.0.6-1.el8_10 fixed
RHEL 9	0:10.0.6-1.el9_7 fixed

dotnet-apphost-pack-8.0

RHEL 8	0:8.0.26-1.el8_10 fixed
RHEL 9	0:8.0.26-1.el9_7 fixed

dotnet-apphost-pack-9.0

RHEL 8	0:9.0.15-1.el8_10 fixed
RHEL 9	0:9.0.15-1.el9_7 fixed

dotnet-host

RHEL 8	0:10.0.6-1.el8_10 fixed
RHEL 9	0:10.0.6-1.el9_7 fixed

dotnet-hostfxr-10.0

RHEL 8	0:10.0.6-1.el8_10 fixed
RHEL 9	0:10.0.6-1.el9_7 fixed

dotnet-hostfxr-8.0

RHEL 8	0:8.0.26-1.el8_10 fixed
RHEL 9	0:8.0.26-1.el9_7 fixed

dotnet-hostfxr-9.0

RHEL 8	0:9.0.15-1.el8_10 fixed
RHEL 9	0:9.0.15-1.el9_7 fixed

dotnet-runtime-10.0

RHEL 8	0:10.0.6-1.el8_10 fixed
RHEL 9	0:10.0.6-1.el9_7 fixed

dotnet-runtime-8.0

RHEL 8	0:8.0.26-1.el8_10 fixed
RHEL 9	0:8.0.26-1.el9_7 fixed

dotnet-runtime-9.0

RHEL 8	0:9.0.15-1.el8_10 fixed
RHEL 9	0:9.0.15-1.el9_7 fixed

dotnet-runtime-dbg-10.0

RHEL 8	0:10.0.6-1.el8_10 fixed
RHEL 9	0:10.0.6-1.el9_7 fixed

dotnet-runtime-dbg-8.0

RHEL 8	0:8.0.26-1.el8_10 fixed
RHEL 9	0:8.0.26-1.el9_7 fixed

dotnet-runtime-dbg-9.0

RHEL 8	0:9.0.15-1.el8_10 fixed
RHEL 9	0:9.0.15-1.el9_7 fixed

dotnet-sdk-10.0

RHEL 8	0:10.0.106-1.el8_10 fixed
RHEL 9	0:10.0.106-1.el9_7 fixed

dotnet-sdk-10.0-source-built-artifacts

RHEL 8	0:10.0.106-1.el8_10 fixed
RHEL 9	0:10.0.106-1.el9_7 fixed

dotnet-sdk-8.0

RHEL 8	0:8.0.126-1.el8_10 fixed
RHEL 9	0:8.0.126-1.el9_7 fixed

dotnet-sdk-8.0-source-built-artifacts

RHEL 8	0:8.0.126-1.el8_10 fixed
RHEL 9	0:8.0.126-1.el9_7 fixed

dotnet-sdk-9.0

RHEL 8	0:9.0.116-1.el8_10 fixed
RHEL 9	0:9.0.116-1.el9_7 fixed

dotnet-sdk-9.0-source-built-artifacts

RHEL 8	0:9.0.116-1.el8_10 fixed
RHEL 9	0:9.0.116-1.el9_7 fixed

dotnet-sdk-aot-10.0

RHEL 8	0:10.0.106-1.el8_10 fixed
RHEL 9	0:10.0.106-1.el9_7 fixed

dotnet-sdk-aot-9.0

RHEL 8	0:9.0.116-1.el8_10 fixed
RHEL 9	0:9.0.116-1.el9_7 fixed

dotnet-sdk-dbg-10.0

RHEL 8	0:10.0.106-1.el8_10 fixed
RHEL 9	0:10.0.106-1.el9_7 fixed

dotnet-sdk-dbg-8.0

RHEL 8	0:8.0.126-1.el8_10 fixed
RHEL 9	0:8.0.126-1.el9_7 fixed

dotnet-sdk-dbg-9.0

RHEL 8	0:9.0.116-1.el8_10 fixed
RHEL 9	0:9.0.116-1.el9_7 fixed

dotnet-targeting-pack-10.0

RHEL 8	0:10.0.6-1.el8_10 fixed
RHEL 9	0:10.0.6-1.el9_7 fixed

dotnet-targeting-pack-8.0

RHEL 8	0:8.0.26-1.el8_10 fixed
RHEL 9	0:8.0.26-1.el9_7 fixed

dotnet-targeting-pack-9.0

RHEL 8	0:9.0.15-1.el8_10 fixed
RHEL 9	0:9.0.15-1.el9_7 fixed

dotnet-templates-10.0

RHEL 8	0:10.0.106-1.el8_10 fixed
RHEL 9	0:10.0.106-1.el9_7 fixed

dotnet-templates-8.0

RHEL 8	0:8.0.126-1.el8_10 fixed
RHEL 9	0:8.0.126-1.el9_7 fixed

dotnet-templates-9.0

RHEL 8	0:9.0.116-1.el8_10 fixed
RHEL 9	0:9.0.116-1.el9_7 fixed

netstandard-targeting-pack-2.1

RHEL 8	0:9.0.116-1.el8_10 fixed
RHEL 9	0:9.0.116-1.el9_7 fixed

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33116