cbcvebase.
CVE-2026-26130
published 2026-03-10

CVE-2026-26130: Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.

high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.

Affected

45 ranges· showing 25
VendorProductVersion rangeFixed in
microsoftasp.net_core>= 10.0.0 < 10.0.410.0.4
microsoftasp.net_core>= 8.0.0 < 8.0.258.0.25
microsoftasp.net_core>= 9.0.0 < 9.0.149.0.14
microsoftasp.net_core_10.0>= 10.0 < 10.0.410.0.4
microsoftasp.net_core_8.0>= 8.0 < 8.0.258.0.25
microsoftasp.net_core_9.0>= 9.0 < 9.0.149.0.14
microsoftmicrosoft.aspnetcore.app.runtime.linux-arm>= 10.0.0 < 10.0.410.0.4
microsoftmicrosoft.aspnetcore.app.runtime.linux-arm>= 8.0.0 < 8.0.258.0.25
microsoftmicrosoft.aspnetcore.app.runtime.linux-arm>= 9.0.0 < 9.0.149.0.14
microsoftmicrosoft.aspnetcore.app.runtime.linux-arm64>= 10.0.0 < 10.0.410.0.4
microsoftmicrosoft.aspnetcore.app.runtime.linux-arm64>= 8.0.0 < 8.0.258.0.25
microsoftmicrosoft.aspnetcore.app.runtime.linux-arm64>= 9.0.0 < 9.0.149.0.14
microsoftmicrosoft.aspnetcore.app.runtime.linux-musl-arm>= 10.0.0 < 10.0.410.0.4
microsoftmicrosoft.aspnetcore.app.runtime.linux-musl-arm>= 8.0.0 < 8.0.258.0.25
microsoftmicrosoft.aspnetcore.app.runtime.linux-musl-arm>= 9.0.0 < 9.0.149.0.14
microsoftmicrosoft.aspnetcore.app.runtime.linux-musl-arm64>= 10.0.0 < 10.0.410.0.4
microsoftmicrosoft.aspnetcore.app.runtime.linux-musl-arm64>= 8.0.0 < 8.0.258.0.25
microsoftmicrosoft.aspnetcore.app.runtime.linux-musl-arm64>= 9.0.0 < 9.0.149.0.14
microsoftmicrosoft.aspnetcore.app.runtime.linux-musl-x64>= 10.0.0 < 10.0.410.0.4
microsoftmicrosoft.aspnetcore.app.runtime.linux-musl-x64>= 8.0.0 < 8.0.258.0.25
microsoftmicrosoft.aspnetcore.app.runtime.linux-musl-x64>= 9.0.0 < 9.0.149.0.14
microsoftmicrosoft.aspnetcore.app.runtime.linux-x64>= 10.0.0 < 10.0.410.0.4
microsoftmicrosoft.aspnetcore.app.runtime.linux-x64>= 8.0.0 < 8.0.258.0.25
microsoftmicrosoft.aspnetcore.app.runtime.linux-x64>= 9.0.0 < 9.0.149.0.14
microsoftmicrosoft.aspnetcore.app.runtime.osx-arm64>= 10.0.0 < 10.0.410.0.4

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ghsa7.5HIGH
osv7.5HIGH