Msrc Asp.Net Core 8.0 vulnerabilities

CVE-2026-26130 [HIGH] CWE-770 ASP.NET Core Denial of Service Vulnerability ASP.NET Core Denial of Service Vulnerability Description: Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. ASP.NET Core: ASP.NET Core Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely Reference: https://dotn

CVE-2025-55315 [CRITICAL] CWE-444 ASP.NET Security Feature Bypass Vulnerability ASP.NET Security Feature Bypass Vulnerability Description: Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network. FAQ: How could an attacker exploit the vulnerability? An authenticated attacker could exploit the vulnerability by sending a malicious http request to the web server. FAQ: According to t

CVE-2025-26682 [HIGH] CWE-770 ASP.NET Core and Visual Studio Denial of Service Vulnerability ASP.NET Core and Visual Studio Denial of Service Vulnerability Description: Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. ASP.NET Core: ASP.NET Core Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation

CVE-2025-24070 [HIGH] CWE-1390 ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability Description: Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain the privileges of the comprom

CVE-2024-21386 [HIGH] CWE-400 .NET Denial of Service Vulnerability .NET Denial of Service Vulnerability .NET: .NET Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Remediation: Release Notes Reference: https://dotnet.microsoft.com/download/dotnet/6.0 Reference: https://github.com/dotnet/announcements/issues/295 Reference: https://dotnet.microsoft.com/do

CVE-2023-36038 [HIGH] CWE-400 ASP.NET Core Denial of Service Vulnerability ASP.NET Core Denial of Service Vulnerability FAQ: How could an attacker exploit this vulnerability? This vulnerability could be exploited if http requests to .NET 8 RC 1 running on IIS InProcess hosting model are cancelled. Threads counts would increase and an OutOfMemoryException is possible. FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to a total loss of availability (A:H

CVE-2023-36558 [MEDIUM] ASP.NET Core Security Feature Bypass Vulnerability ASP.NET Core Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An unauthenticated attacker could bypass validations on Blazor Server forms. FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then trigger an event that could expl