Denial of Service Vulnerability in ASP.NET Core by Microsoft
CVE-2026-26130

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Asp.net Core 10.0; Asp.net Core 8.0; Asp.net Core 9.0
Vendor: CVE Published:; 10 March 2026

What is CVE-2026-26130?

The ASP.NET Core framework has a vulnerability that involves the unsupervised allocation of resources, potentially allowing an unauthorized attacker to execute a denial of service attack on a network. This flaw can lead to service disruption, affecting the availability of web applications and services dependent on the framework.

Affected Version(s)

ASP.NET Core 10.0 10.0 < 10.0.4

ASP.NET Core 8.0 8.0 < 8.0.25

ASP.NET Core 9.0 9.0 < 9.0.14

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 10, 2026
Vulnerability Reserved
Feb 11, 2026

CVE-2026-26130 Data

JSON