diff --git a/src/shared/inc/hns_schema.h b/src/shared/inc/hns_schema.h
index 0c265db65..51d9ba8f3 100644
--- a/src/shared/inc/hns_schema.h
+++ b/src/shared/inc/hns_schema.h
@@ -424,8 +424,10 @@ struct HNSNetwork
 std::vector Subnets;
 NetworkFlags Flags{};
 InterfaceConstraint InterfaceConstraint{};
+ bool IsLoopback{};
- NLOHMANN_DEFINE_TYPE_INTRUSIVE_WITH_DEFAULT(HNSNetwork, ID, Name, SourceMac, DNSSuffix, DNSServerList, DNSDomain, Subnets, Flags, InterfaceConstraint);
+ NLOHMANN_DEFINE_TYPE_INTRUSIVE_WITH_DEFAULT(
+ HNSNetwork, ID, Name, SourceMac, DNSSuffix, DNSServerList, DNSDomain, Subnets, Flags, InterfaceConstraint, IsLoopback);
 };
 enum class NetworkMode
diff --git a/src/windows/service/exe/MirroredNetworking.cpp b/src/windows/service/exe/MirroredNetworking.cpp
index 417006ea7..c01f1e18e 100644
--- a/src/windows/service/exe/MirroredNetworking.cpp
+++ b/src/windows/service/exe/MirroredNetworking.cpp
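Review bot: `IsLoopback` is added without a comment, although the companion change in MirroredNetworking.cpp uses it to decide whether an endpoint is created with firewall policies. With `NLOHMANN_DEFINE_TYPE_INTRUSIVE_WITH_DEFAULT` and `bool IsLoopback{}`, a network document that lacks the key leaves the field false, which keeps the existing policy path; that default is worth stating next to the field, e.g. `// Set from the HNS network document; stays false when the key is absent, which keeps firewall policies on the endpoint.` The struct body starts above this hunk, so whether the other fields carry comments is not visible here.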
@@ -440,7 +440,26 @@ void MirroredNetworking::AddNetworkEndpoint(const GUID& NetworkId) noexcept
 endpointInfo.NetworkId = NetworkId;
 endpointInfo.EndpointId = endpointId;
- if (m_config.FirewallConfig.Enabled())
+ // Loopback networks don't support firewall policies - creating an endpoint with firewall
+ // policies on a loopback network will fail with HCN error 0x803B001B ("Invalid JSON document
+ // string"). This behavior changed in KB5074109. Additionally, loopback networks require
+ // HostComputeNetwork instead of VirtualNetwork in the endpoint settings.
+ // See: https://github.com/microsoft/WSL/issues/14080
+ const bool isLoopbackNetwork = properties.IsLoopback;
+
+ if (isLoopbackNetwork)
+ {
+ WSL_LOG(
+ "MirroredNetworking::AddNetworkEndpoint [Loopback network - using simplified endpoint settings]",
+ TraceLoggingValue(NetworkId, "networkId"));
+ // Loopback networks require HostComputeNetwork (not VirtualNetwork) and don't support policies
+ hns::HostComputeEndpoint hnsEndpoint{};
+ hnsEndpoint.HostComputeNetwork = NetworkId;
+ hnsEndpoint.SchemaVersion.Major = 2;
+ hnsEndpoint.SchemaVersion.Minor = 16;
+ endpointSettings = ToJsonW(hnsEndpoint);
+ }
+ else if (m_config.FirewallConfig.Enabled())
 {
 // Create HNS firewall policy object for the endpoint
 hns::HostComputeEndpoint hnsEndpoint{};
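Review bot: The new `if (isLoopbackNetwork)` branch is tested before `m_config.FirewallConfig.Enabled()`, so a loopback network gets an endpoint with no firewall policies even when the firewall is configured on, and the trace event does not record that. The decision rests on the single `properties.IsLoopback` flag; `properties` is populated outside this hunk, so how that value is obtained and checked is not visible here. I would add the configured state to the event, e.g. `TraceLoggingValue(m_config.FirewallConfig.Enabled(), "firewallEnabled")`, so that an endpoint created without policies while the firewall is enabled can be found in the logs. The schema version is also written as the literals `2` and `16`; if the firewall branch below (which continues past the hunk) sets the same values, a shared constant would keep the two in step.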