CVE-2026-32226 — MEDIUM (5.9)

Vulnerability Description

Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Microsoft	.Net Framework	3.5
Microsoft	Windows 10 1809	-
Microsoft	Windows Server 20H2	-
Microsoft	Windows 10 1607	-
Microsoft	Windows Server 2012	-
Microsoft	Windows 11 26H1	-
Microsoft	Windows Server 2025	-

Related Weaknesses (CWE)

CWE-362

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32226Vendor Advisory

FAQ

What is CVE-2026-32226?

CVE-2026-32226 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.

How severe is CVE-2026-32226?

CVE-2026-32226 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-32226?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft .Net Framework, Microsoft Windows 10 1809, Microsoft Windows Server 20H2, Microsoft Windows 10 1607, Microsoft Windows Server 2012.