Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2026-26130

Опубликовано: 10 мар. 2026
Источник: redhat
CVSS3: 7.5

Описание

A flaw was found in ASP.NET Core. This vulnerability allows an unauthorized attacker to perform a Denial of Service (DoS) attack over a network by allocating resources without limits or throttling. This can lead to the unavailability of the service for legitimate users.

Меры по смягчению последствий

To mitigate this issue, configure resource limits and throttling for ASP.NET Core applications. This can be achieved by implementing request limits within the application configuration or by utilizing resource quotas provided by container orchestration platforms like OpenShift/Kubernetes. Additionally, web servers acting as reverse proxies can be configured to rate limit incoming requests. Example for OpenShift/Kubernetes ResourceQuotas:

apiVersion: v1 kind: ResourceQuota metadata: name: aspnet-core-quotas spec: hard: requests.cpu: "1" requests.memory: "1Gi" limits.cpu: "2" limits.memory: "2Gi"

Consult ASP.NET Core documentation for application-level request throttling configurations. Ensure that any changes to resource limits or throttling are thoroughly tested to avoid unintended service disruptions. A service restart or reload may be required for changes to take effect.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 9dotnet6.0Not affected
Red Hat Enterprise Linux 9dotnet7.0Not affected
Red Hat Enterprise Linux 10dotnet9.0FixedRHSA-2026:445012.03.2026
Red Hat Enterprise Linux 10dotnet8.0FixedRHSA-2026:445112.03.2026
Red Hat Enterprise Linux 10dotnet10.0FixedRHSA-2026:445312.03.2026
Red Hat Enterprise Linux 8dotnet9.0FixedRHSA-2026:444312.03.2026
Red Hat Enterprise Linux 8dotnet8.0FixedRHSA-2026:445512.03.2026
Red Hat Enterprise Linux 8dotnet10.0FixedRHSA-2026:445812.03.2026
Red Hat Enterprise Linux 9dotnet10.0FixedRHSA-2026:444512.03.2026
Red Hat Enterprise Linux 9dotnet8.0FixedRHSA-2026:445412.03.2026

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-770
https://bugzilla.redhat.com/show_bug.cgi?id=2446134asp.net: ASP.NET Core: Denial of Service via uncontrolled resource allocation

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2026-26130

CVSS3: 7.5
ubuntu
16 дней назад

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.

nvd логотип

CVE-2026-26130

CVSS3: 7.5
nvd
16 дней назад

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.

msrc логотип

CVE-2026-26130

CVSS3: 7.5
msrc
17 дней назад

ASP.NET Core Denial of Service Vulnerability

rocky логотип

RLSA-2026:4455

rocky
14 дней назад

Important: .NET 8.0 security update

rocky логотип

RLSA-2026:4454

rocky
14 дней назад

Important: .NET 8.0 security update

7.5 High

CVSS3