dotnet: .NET: infinite loop allows an attacker to cause a denial of service

A flaw was found in dotnet. An infinite loop in ASP.NET Core allows an unauthenticated remote attacker to cause a denial of service over a network. This issue can lead to an application crash and a high consumption of system resources...

dotnet: .NET: infinite loop allows an attacker to cause a denial of service

A flaw was found in dotnet. An infinite loop in ASP.NET Core allows an unauthenticated remote attacker to cause a denial of service over a network. This issue can lead to an application crash and a high consumption of system resources...

Infinite loop

Overview Microsoft.AspNetCore.App.Runtime.linux-musl-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the...

Infinite loop

Overview Microsoft.AspNetCore.App.Runtime.win-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys...

CVE-2026-42899

CVE-2026-42899 affects ASP.NET Core and is described as a loop with an unreachable exit condition that can cause an infinite loop, enabling a network-accessible attacker to perform a denial-of-service. Exploitation details are not provided in the documents beyond the high-severity impact (CVSS 3....

CVE-2026-42899

Loop with unreachable exit condition 'infinite loop' in ASP.NET Core allows an unauthorized attacker to deny service over a network...

PT-2026-40264

Name of the Vulnerable Software and Affected Versions ASP.NET Core versions prior to 8.0.27 ASP.NET Core versions prior to 9.0.16 ASP.NET Core versions prior to 10.0.8 Description An unauthorized attacker can cause a denial of service over a network due to a loop with an unreachable exit conditio...

UBUNTU-CVE-2026-42899

Loop with unreachable exit condition 'infinite loop' in ASP.NET Core allows an unauthorized attacker to deny service over a network...

ROS-20260429-73-0045

A vulnerability in the ASP.NET Core software platform is related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

EUVD-2026-24249

Microsoft Security Advisory CVE-2026-40372 – ASP.NET Core Elevation of Privilege...

Microsoft Security Advisory CVE-2026-40372 – ASP.NET Core Elevation of Privilege

Executive Summary: A bug in Microsoft.AspNetCore.DataProtection 10.0.0-10.0.6 NuGet packages can give an attacker the opportunity to execute an Elevation of Privilege attack by forging authentication cookies, and also allows some protected payloads to be decrypted. If an attacker used forged...

asp.net: ASP.NET Core: Denial of Service via uncontrolled resource allocation

A flaw was found in ASP.NET Core. This vulnerability allows an unauthorized attacker to perform a Denial of Service DoS attack over a network by allocating resources without limits or throttling. This can lead to the unavailability of the service for legitimate users...

Important: Red Hat Security Advisory: .NET 8.0 security update

An update for .NET 8.0 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

asp.net: ASP.NET Core: Denial of Service via uncontrolled resource allocation

A flaw was found in ASP.NET Core. This vulnerability allows an unauthorized attacker to perform a Denial of Service DoS attack over a network by allocating resources without limits or throttling. This can lead to the unavailability of the service for legitimate users...

CVE-2026-40372

A flaw was found in ASP.NET Core due to improper verification of cryptographic signatures. An unauthorized attacker can exploit this vulnerability remotely over a network, leading to privilege escalation...

The vulnerability exploited in Microsoft’s ASP.NET Core framework

Microsoft has identified a vulnerability in ASP.NET Core. This vulnerability arises due to incorrect verification of cryptographic signatures within ASP.NET Core. As a result, an unauthorized attacker can elevate their privileges by circumventing security checks and gaining unauthorized access wi...

Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug

Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to escalate privileges. The vulnerability, tracked as CVE-2026-40372 , carries a CVSS score of 9.1 out of 10.0. It's rated Important in severity. An anonymous researcher has...

CVE-2026-6022 Uncontrolled Resource Consumption Vulnerability in Telerik UI for ASP.NET AJAX

In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement during chunk reassembly, leading to disk space exhaustion...

CVE-2026-6022

CVE-2026-6022 affects Progress Telerik UI for ASP.NET AJAX (RadAsyncUpload). Before 2026.1.421, RadAsyncUpload allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement during chunk reassembly, causing disk space exhaustion. Affected: RadAsyncUpload in T...

CVE-2026-40372

ASP.NET Core has a elevation-of-privilege vulnerability (CVE-2026-40372) due to improper verification of a cryptographic signature. The issue affects ASP.NET Core components where signature verification is required, enabling a remote attacker to elevate privileges over a network without user inte...