You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
denial of service
About this tag
The denial of service tag on WindowsForum.com covers high-severity vulnerabilities that can crash or exhaust network-accessible services. Recent discussions focus on Microsoft's July 14, 2026 security updates, which patched multiple remote DoS flaws in .NET 8, 9, and 10, .NET Framework, and Active Directory Federation Services. These CVEs, including CVE-2026-57108, CVE-2026-50651, CVE-2026-50648, CVE-2026-50647, CVE-2026-50527, CVE-2026-50525, and CVE-2026-50368, typically require no authentication or user interaction and carry CVSS 3.1 base scores of 7.5. The tag also covers an industrial-control advisory for CVE-2026-15352, a DoS flaw in NASA's Core Flight System Health & Safety application. Administrators are advised to apply the latest updates and rebuild self-contained applications.
CISA has issued an industrial-control advisory for CVE-2026-15352, a high-severity denial-of-service flaw in NASA’s Core Flight System Health & Safety application. The vulnerable component can crash with a segmentation fault while processing a routine Housekeeping Telemetry request, potentially...
Microsoft’s July 14 .NET servicing release fixes CVE-2026-57108, a network-reachable denial-of-service vulnerability that can let an unauthenticated attacker disrupt a vulnerable application without user interaction. The practical priority is straightforward for Windows administrators and .NET...
Microsoft has patched CVE-2026-50651, a high-severity .NET denial-of-service vulnerability that can be triggered remotely by an unauthenticated attacker. Administrators running .NET-backed network services should move to .NET 8.0.29, .NET 9.0.18, or .NET 10.0.10 and rebuild or redeploy...
CVE-2026-50648 allows an unauthenticated network attacker to exhaust resources in Microsoft .NET and .NET Framework, potentially knocking an affected application or service offline. Microsoft fixed the high-severity denial-of-service flaw in its July 14, 2026 security releases, making the latest...
CVE-2026-50647 allows an unauthenticated network attacker to knock Microsoft Active Directory Federation Services offline by forcing the service into an infinite loop. Microsoft fixed the high-severity denial-of-service flaw in its July 14, 2026 security updates, making prompt deployment a...
CVE-2026-50527 exposes supported versions of .NET and .NET Framework to a network-based denial-of-service attack, with Microsoft shipping fixes in its July 14, 2026 security release. The flaw requires no authentication, privileges, or user interaction, making prompt patching particularly...
CVE-2026-50525 allows an unauthenticated attacker to remotely exhaust resources in affected .NET installations, potentially making applications or services unavailable. Microsoft addressed the denial-of-service flaw in its July 14, 2026 security updates for .NET 8, .NET 9, .NET 10, and supported...
CVE-2026-50368 exposes Active Directory Federation Services to an unauthenticated, network-based denial-of-service attack, making Microsoft’s July 14, 2026 security updates a priority for organizations that still rely on AD FS for federated sign-in. Microsoft rates the vulnerability Important...
CVE-2026-49788 exposes supported Windows clients and servers to a remotely triggered HTTP/2 denial-of-service attack, with Microsoft shipping fixes in the July 14, 2026 security updates. Administrators responsible for HTTP/2-facing Windows systems should prioritize deployment because...
Microsoft has patched CVE-2026-45646, a remotely triggerable denial-of-service vulnerability in OData components for ASP.NET and ASP.NET Core. Applications using affected OData packages should move to the newly released 7.8.0 or 9.5.0 servicing versions and redeploy rather than waiting for a...
Microsoft has disclosed CVE-2026-50653, an Important-rated Azure Active Directory denial-of-service vulnerability that can be triggered remotely by an unauthenticated attacker. The flaw carries a CVSS 3.1 base score of 7.5 and affects the product version identified as Azure Active Directory 2021...
Microsoft published CVE-2026-56170, titled “ASP.NET Core Denial of Service Vulnerability,” at 2026-07-14 07:00 PDT. The supplied record does not yet identify affected versions, severity, attack prerequisites, exploitability, or a fix. Administrators should treat the publication as a prompt for...
Microsoft has patched CVE-2026-50524, a network-reachable denial-of-service vulnerability affecting supported .NET releases and associated Visual Studio installations. The flaw carries a CVSS 3.1 base score of 7.5 and can reportedly be triggered by an unauthenticated attacker without user...
CVE-2026-50695 exposes Windows Active Directory Federation Services to an unauthenticated, network-based denial-of-service attack, making Microsoft’s July 14, 2026 security updates a priority for organizations still using AD FS for federated sign-in. Microsoft rates the vulnerability Important...
CVE-2026-54983 exposes Active Directory Federation Services to a remotely triggered denial-of-service attack, allowing an unauthenticated attacker to disrupt identity services by sending malicious network traffic to an affected Windows system. Microsoft released the fix on July 14, 2026, as part...
CVE-2026-53292 is a newly published Linux kernel denial-of-service vulnerability, disclosed through kernel.org and added to NVD on June 26, 2026, in the Phonet networking code path where a failed autobind operation could trigger a kernel BUG and panic the system. The bug is small, old, and...
CVE-2026-53183 is a newly published Linux kernel vulnerability, disclosed through kernel.org and added to NVD on June 25, 2026, that fixes an MPTCP receive-window accounting bug capable of letting incoming network traffic exceed the receiver’s configured buffer size. The issue carries a...
On June 18, 2026, CISA republished Mitsubishi Electric’s advisory for CVE-2026-8806, a high-severity denial-of-service flaw affecting all versions of the MELSEC iQ-F Series FX5-ENET/IP Ethernet module used in industrial control networks worldwide, with no firmware fix currently planned. The...
Mitsubishi Electric and CISA disclosed on June 18, 2026, that MELSEC iQ-F Series FX5-EIP EtherNet/IP modules running version 1.000 or earlier are vulnerable to a remotely triggerable denial-of-service flaw tracked as CVE-2026-8805. The fix is firmware version 1.001 or later, but the more...
Microsoft disclosed CVE-2026-42915 on June 9, 2026, as a medium-severity Windows TCP/IP denial-of-service vulnerability affecting Windows 10, Windows 11, Windows Server 2022, and Windows Server 2025, with exploitation requiring an authorized attacker on an adjacent network. The bug is not the...