PT-2026-32748 · Microsoft+3 · System.Security.Cryptography.Xml+3

Ludvig Pedersen

·

Published

2026-04-14

·

Updated

2026-05-08

·

CVE-2026-26171

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions System.Security.Cryptography.Xml versions 10.0.0 through 10.0.5 System.Security.Cryptography.Xml versions 9.0.0 through 9.0.14 System.Security.Cryptography.Xml versions 8.0.0 through 8.0.2
Description Uncontrolled resource consumption in the EncryptedXml class allows an unauthorized attacker to perform a Denial of Service attack over a network.
Recommendations Update System.Security.Cryptography.Xml versions 10.0.0 through 10.0.5 to version 10.0.6. Update System.Security.Cryptography.Xml versions 9.0.0 through 9.0.14 to version 9.0.15. Update System.Security.Cryptography.Xml versions 8.0.0 through 8.0.2 to version 8.0.3.

Fix

DoS

XXE

Resource Exhaustion

Weakness Enumeration

CWE-611CWE-400

Related Identifiers

ALSA-2026:8468
ALSA-2026:8469
ALSA-2026:8470
ALSA-2026:8472
ALSA-2026:8473
ALSA-2026:8475
BDU:2026-05498
BIT-DOTNET-2026-26171
BIT-DOTNET-SDK-2026-26171
BIT-POWERSHELL-2026-26171
CVE-2026-26171
GHSA-W3X6-4M5H-CXQF
RHSA-2026:13280
RHSA-2026:13281
RHSA-2026:13282
RHSA-2026:13283
RHSA-2026:13693
RHSA-2026:8467
RHSA-2026:8468
RHSA-2026:8469
RHSA-2026:8470
RHSA-2026:8471
RHSA-2026:8472
RHSA-2026:8473
RHSA-2026:8474
RHSA-2026:8475
RHSA-2026:9077
RHSA-2026:9080
RHSA-2026:9205
USN-8176-1
USN-8216-1

Affected Products

Linuxmint
Rocky Linux
System.Security.Cryptography.Xml
Ubuntu