PT-2026-24332 · Microsoft+4 · .Net 10.0+8

Bartłomiej Dach

Publicado

2026-03-10

Atualizado

2026-04-29

CVE-2026-26130

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions .NET 8.0 versions 8.0.0 through 8.0.24 .NET 9.0 versions 9.0.0 through 9.0.13 .NET 10.0 versions 10.0.0 through 10.0.3

Description An uncontrolled resource allocation issue exists in ASP.NET Core, potentially allowing an unauthorized attacker to cause a denial of service (DoS) over a network. The issue stems from the lack of limits or throttling on resource allocation. A specially crafted message to a SignalR server can exhaust an internal buffer, leading to service disruption. It is estimated that a large number of devices worldwide could be affected.

Recommendations Update to .NET 8.0.25. Update to .NET 9.0.14. Update to .NET 10.0.4.

Correção

DoS

Allocation of Resources Without Limits

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-770

Identificadores relacionados

ALSA-2026:4443

ALSA-2026:4445

ALSA-2026:4450

ALSA-2026:4451

ALSA-2026:4453

ALSA-2026:4454

ALSA-2026:4455

ALSA-2026:4456

ALSA-2026:4458

BDU:2026-03049

BIT-ASPNET-CORE-2026-26130

CVE-2026-26130

GHSA-4VGM-C2WM-63MW

GHSA-VH8F-65QG-3M8J

RHSA-2026:10082

RHSA-2026:10083

RHSA-2026:10084

RHSA-2026:10085

RHSA-2026:10091

RHSA-2026:4443

RHSA-2026:4445

RHSA-2026:4450

RHSA-2026:4451

RHSA-2026:4453

RHSA-2026:4454

RHSA-2026:4455

RHSA-2026:4456

RHSA-2026:4458

USN-8085-1

Produtos afetados

.Net 10.0

.Net 8.0

.Net 9.0

Asp.Net Core

Linuxmint

Red Os

Rocky Linux

Signalr

Ubuntu

PT-2026-24332 · Microsoft+4 · .Net 10.0+8

CVE-2026-26130

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 74