CVE-2026-42899

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions ASP.NET Core versions prior to 8.0.27 ASP.NET Core versions prior to 9.0.16 ASP.NET Core versions prior to 10.0.8

Description An unauthorized attacker can cause a denial of service over a network due to a loop with an unreachable exit condition, resulting in an infinite loop. This issue impacts multiple runtime packages across Linux, Windows, and macOS platforms.

Recommendations Update to version 8.0.27 or later. Update to version 9.0.16 or later. Update to version 10.0.8 or later.

Fix

DoS

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

ALSA-2026:21286

ALSA-2026:21291

ALSA-2026:21293

ALSA-2026:21294

ALSA-2026:21295

ALSA-2026:21296

ALSA-2026:21297

ALSA-2026:21754

ALSA-2026:22145

BDU:2026-06767

BIT-DOTNET-2026-42899

BIT-DOTNET-SDK-2026-42899

CVE-2026-42899

GHSA-9V76-4QCC-FRGH

USN-8298-1

Affected Products

Asp.Net Core

Linuxmint

Rocky Linux

Ubuntu

CVE-2026-42899

Weakness Enumeration

Related Identifiers

Affected Products

References · 62