Excessive CPU Usage Vulnerability in Microsoft .NET 8.0 and .NET 9.0
CVE-2026-25667
Currently unrated
What is CVE-2026-25667?
A vulnerability exists in ASP.NET Core Kestrel within Microsoft .NET versions 8.0 prior to 8.0.22 and 9.0 prior to 9.0.11. This flaw enables remote attackers to exploit crafted QUIC packets, potentially leading to excessive CPU consumption due to an incorrect exit condition in the HTTP/3 Encoder/Decoder stream processing. Successful exploitation can hamper the performance of the application, rendering it unresponsive to legitimate requests.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.