CVE-2026-33115

CVSS 8.1 (HIGH) · EPSS 0.1% · Published 2026-04-14

A remote code execution vulnerability exists in .NET and Visual Studio due to unsafe deserialization in the BinaryFormatter fallback path. An attacker who successfully exploits this vulnerability could execute arbitrary code on the target system. The vulnerability was disclosed as part of the Microsoft April 2026 Patch Tuesday release, which remediated 167 vulnerabilities across Windows, Office, SharePoint, .NET, Defender, Active Directory, Remote Desktop, Azure, Hyper-V, and supporting components. This CVE was rated Critical severity with a CVSS 8.1 base score. Exploitation requires an attacker to craft a malicious serialized object that triggers the BinaryFormatter deserialization path, which can lead to full code execution in the context of the application.

CVSS v3 vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-502

Threadlinqs Intelligence