Home

Description

Loop with unreachable exit condition ('infinite loop') in Active Directory Federation Services (AD FS) allows an unauthorized attacker to deny service over a network.

PUBLISHED Reserved 2026-06-04 | Published 2026-07-14 | Updated 2026-07-14 | Assigner microsoft




MEDIUM: 5.9CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

Problem types

CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

Product status

10.0.14393.0 (custom) before 10.0.14393.9339
affected

10.0.17763.0 (custom) before 10.0.17763.9020
affected

6.3.9600.0 (custom) before 6.3.9600.23291
affected

6.3.9600.0 (custom) before 6.3.9600.23291
affected

10.0.14393.0 (custom) before 10.0.14393.9339
affected

10.0.14393.0 (custom) before 10.0.14393.9339
affected

10.0.17763.0 (custom) before 10.0.17763.9020
affected

10.0.17763.0 (custom) before 10.0.17763.9020
affected

10.0.20348.0 (custom) before 10.0.20348.5386
affected

10.0.26100.0 (custom) before 10.0.26100.33158
affected

10.0.26100.0 (custom) before 10.0.26100.33158
affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50324 (Windows Active Directory Federation Services Denial of Service Vulnerability) vendor-advisory patch

cve.org (CVE-2026-50324)

nvd.nist.gov (CVE-2026-50324)

Download JSON