🟠 High | Source: Microsoft Security Response Center
CVE-2026-47302 is a denial of service vulnerability in Microsoft .NET caused by unbounded resource allocation — meaning an attacker can exhaust server resources without needing to authenticate. This can render applications and services built on .NET unavailable. It is exploitable remotely over a network, making it a meaningful risk for any internet-facing .NET workloads.
Security Architect’s Take: Audit your Azure and on-premises workloads for exposed .NET applications and prioritise patching to the fixed .NET runtime version as soon as it is available. In the interim, consider placing rate-limiting controls or a WAF in front of vulnerable endpoints to reduce exposure.
Original advisory: CVE-2026-47302 .NET Denial of Service Vulnerability