Microsoft Microsoft.Aspnetcore.App.Runtime.Linux-X64 vulnerabilities

CVE-2026-26130 [HIGH] CWE-770 .NET Denial of Service Vulnerability .NET Denial of Service Vulnerability # Microsoft Security Advisory CVE-2026-26130 – .NET Denial of Service Vulnerability ## Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A denial of service vulnerability ex

CVE-2025-55315 [CRITICAL] CWE-444 Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability # Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability ## Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 10.0 , ASP.NET Core 9.0 , ASP.NET Core 8.0, and ASP.NET Core 2.3. This a

CVE-2025-36854 [HIGH] CWE-416 EOL ASP.NET 6.0 Remote Code Execution Vulnerability EOL ASP.NET 6.0 Remote Code Execution Vulnerability A vulnerability ( CVE-2024-38229 https://www.cve.org/CVERecord ) exists in EOL ASP.NET when closing an HTTP/3 stream while application code is writing to the response body, a race condition may lead to use-after-free, resulting in Remote Code Execution. Per CWE-416: Use After Free https://cwe.mitre.org/data/definitions/416.html , Use After Free is when a product

CVE-2025-7326 [HIGH] CWE-1390 CVE-2025-7326: Weak authentication in EOL ASP.NET Core allows an unauthorized attacker to elevate privileges over a Weak authentication in EOL ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry.

CVE-2025-24070 [HIGH] CWE-1390 Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability # Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability ## Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 9.0, ASP.NET Core 8.0, ASP.NET Core 6.0, and ASP.NET Core 2.3. This advisory a

CVE-2024-38229 [HIGH] CWE-416 CVE-2024-38229: .NET and Visual Studio Remote Code Execution Vulnerability .NET and Visual Studio Remote Code Execution Vulnerability

CVE-2024-35264 [HIGH] CWE-416 Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability # Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability ## Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0. This advisory also provides guidance on what developers can do to update their app

CVE-2024-30046 [MEDIUM] CWE-362 Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability # Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability ## Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 8.0. This advisory also provides guidance on what developers can do to update their

CVE-2024-21386 [HIGH] CWE-400 Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability # Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability ## Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET 6.0, ASP.NET 7.0 and, ASP.NET 8.0 . This advisory also provides guidance on what developers can do

CVE-2022-34716 [MEDIUM] .NET Information Disclosure Vulnerability .NET Information Disclosure Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. An information disclosure vulnerability exists in .NET Core 3.1 and .NET 6.0 that could lead to unauthorized access of privileged information. ##

CVE-2023-33170 [HIGH] CWE-362 Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability # Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability ## Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1 and above. This advisory also provides guidance on what developers can d

CVE-2022-23267 [HIGH] CWE-400 .NET Denial of Service Vulnerability .NET Denial of Service Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET 6.0, .NET 5.0 and .NET Core 3.1 where a malicious client can cause a Denial of Service via excess memory allo

CVE-2022-21986 [HIGH] .NET Denial of Service Vulnerability .NET Denial of Service Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0 and .NET 5.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A Denial of Service vulnerability exists in .NET 6.0 and .NET 5.0 when the Kestrel web server processes certain HTTP/2 and HTTP/3 requests. ### Affected Software

CVE-2022-24464 [HIGH] .NET Denial of Service Vulnerability .NET Denial of Service Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0, and .NET CORE 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Microsoft is aware of a Denial of Service vulnerability, which exists in .NET 6.0, .NET 5.0, and .NET CORE 3.1 when parsing certain types of http f

CVE-2022-38013 [HIGH] .NET Denial of Service Vulnerability .NET Denial of Service Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A denial of service vulnerability exists in ASP.NET Core 3.1 and .NET 6.0 where a malicious client could cause a stack overflow which may result in a denial o

CVE-2022-29117 [HIGH] CWE-400 .NET Denial of Service Vulnerability .NET Denial of Service Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET 6.0, .NET 5.0 and .NET core 3.1 where a malicious client can manipulate cookies and cause a Denial of Service

CVE-2022-29145 [HIGH] .NET Denial of Service Vulnerability .NET Denial of Service Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET 6.0, .NET 5.0 and .NET core 3.1 where a malicious client can can cause a denial of service when HTML forms are parsed

CVE-2020-1161 [HIGH] CWE-20 ASP.NET Core Denial of Service Vulnerability ASP.NET Core Denial of Service Vulnerability A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.

CVE-2021-1723 [HIGH] ASP.NET Core and Visual Studio Denial of Service Vulnerability ASP.NET Core and Visual Studio Denial of Service Vulnerability A denial-of-service vulnerability exists in the way Kestrel parses HTTP/2 requests. The security update addresses the vulnerability by fixing the way the Kestrel parses HTTP/2 requests. Users are advised to upgrade.

CVE-2020-0603 [HIGH] CWE-119 Remote code execution in ASP.NET Core Remote code execution in ASP.NET Core A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'.