
CVE-2026-26127: .NET Denial of Service via Base64Url Out-of-Bounds Read
Vulnerability ID: CVE-2026-26127
CVSS Score: 7.5
Published: 2026-03-11

CVE-2026-26127 is a Denial of Service (DoS) vulnerability in the .NET runtime and the Microsoft.Bcl.Memory library. An out-of-bounds read flaw in the Base64Url decoding logic allows unauthenticated remote attackers to trigger an application crash by supplying specially crafted, malformed string input.

TL;DR

An out-of-bounds read in the .NET Base64Url decoder allows remote, unauthenticated attackers to abruptly terminate the application process via malformed input, causing a Denial of Service.

⚠️ Exploit Status: POC

Technical Details

CWE ID: CWE-125 (Out-of-bounds Read)
CVSS Score: 7.5 (High)
Attack Vector: Network
Impact: Denial of Service (Availability: High)
Authentication Required: None
EPSS Score: 0.00041 (12.26%)
Exploit Status: Publicly Disclosed (PoC)
CISA KEV: Not Listed

Affected Systems

.NET 10.0
.NET 9.0
Microsoft.Bcl.Memory


