PT-2026-32880 · Microsoft+3 · System.Security.Cryptography.Xml+5

Ludvig Pedersen · Published 2026-04-14 · Updated 2026-05-07 · CVE-2026-33116

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

System.Security.Cryptography.Xml versions 10.0.0 through 10.0.5
System.Security.Cryptography.Xml versions 9.0.0 through 9.0.14
System.Security.Cryptography.Xml versions 8.0.0 through 8.0.2
.NET (affected versions not specified)
.NET Framework (affected versions not specified)
Visual Studio (affected versions not specified)

Description

An issue exists in the EncryptedXml class where an unauthorized attacker can cause an infinite loop, which is a loop with an unreachable exit condition. This can be exploited over a network to perform a Denial of Service attack, causing the system to become unavailable.

Recommendations

Update System.Security.Cryptography.Xml versions 10.0.0 through 10.0.5 to version 10.0.6.
Update System.Security.Cryptography.Xml versions 9.0.0 through 9.0.14 to version 9.0.15.
Update System.Security.Cryptography.Xml versions 8.0.0 through 8.0.2 to version 8.0.3.

Fix

DoS

Resource Exhaustion

RCE

Infinite Loop

Weakness Enumeration

Related Identifiers

ALSA-2026:8468
ALSA-2026:8469
ALSA-2026:8470
ALSA-2026:8472
ALSA-2026:8473
ALSA-2026:8475
BDU:2026-05660
BIT-DOTNET-2026-33116
BIT-DOTNET-SDK-2026-33116
CVE-2026-33116
GHSA-37GX-XXP4-5RGX
RHSA-2026:13693
RHSA-2026:8467
RHSA-2026:8468
RHSA-2026:8469
RHSA-2026:8470
RHSA-2026:8471
RHSA-2026:8472
RHSA-2026:8473
RHSA-2026:8474
RHSA-2026:8475
RHSA-2026:9077
RHSA-2026:9080
RHSA-2026:9205
USN-8176-1
USN-8216-1

Affected Products

.NET Framework
Linux Mint
Rocky Linux
System.Security.Cryptography.Xml
Ubuntu
Visual Studio