Search CVE reports


Toggle filters

11 – 20 of 36 results


CVE-2026-47302

Medium priority

Some fixes available 4 of 6

Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.

5 affected packages

dotnet6, dotnet7, dotnet8, dotnet9, dotnet10

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dotnet6 Not in release Not in release Vulnerable Not in release Not in release
dotnet7 Not in release Not in release Ignored Not in release Not in release
dotnet8 Not in release Fixed Fixed Not in release Not in release
dotnet9 Not in release Not in release Not in release Not in release Not in release
dotnet10 Fixed Fixed Not in release Not in release Not in release
Show less packages

CVE-2026-47300

Medium priority

Some fixes available 4 of 6

Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network.

5 affected packages

dotnet6, dotnet7, dotnet8, dotnet9, dotnet10

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dotnet6 Not in release Not in release Vulnerable Not in release Not in release
dotnet7 Not in release Not in release Ignored Not in release Not in release
dotnet8 Not in release Fixed Fixed Not in release Not in release
dotnet9 Not in release Not in release Not in release Not in release Not in release
dotnet10 Fixed Fixed Not in release Not in release Not in release
Show less packages

CVE-2026-57108

Medium priority

Some fixes available 4 of 6

Access of resource using incompatible type ('type confusion') in .NET Core allows an unauthorized attacker to deny service over a network.

5 affected packages

dotnet6, dotnet7, dotnet8, dotnet9, dotnet10

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dotnet6 Not in release Not in release Vulnerable Not in release Not in release
dotnet7 Not in release Not in release Ignored Not in release Not in release
dotnet8 Not in release Fixed Fixed Not in release Not in release
dotnet9 Not in release Not in release Not in release Not in release Not in release
dotnet10 Fixed Fixed Not in release Not in release Not in release
Show less packages

CVE-2026-56170

Medium priority

Some fixes available 7 of 9

A denial of service vulnerability exists in ASP.NET Core SignalR in .NET 8, .NET 9, and .NET 10. Stateful reconnect can be leveraged by an attacker to deny service to other users.

5 affected packages

dotnet6, dotnet7, dotnet8, dotnet9, dotnet10

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dotnet6 Not in release Not in release Vulnerable Not in release Not in release
dotnet7 Not in release Not in release Ignored Not in release Not in release
dotnet8 Not in release Fixed Fixed Not in release Not in release
dotnet9 Not in release Not in release Not in release Not in release Not in release
dotnet10 Fixed Fixed Not in release Not in release Not in release
Show less packages

CVE-2026-50650

Medium priority
Ignored

An elevation of privilege vulnerability exists in Windows Presentation Foundation (WPF) in .NET 8, .NET 9, and .NET 10 when parsing specially crafted XAML input. An attacker who successfully exploits this vulnerability could...

5 affected packages

dotnet6, dotnet7, dotnet8, dotnet9, dotnet10

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dotnet6 Not in release Not in release Not affected Not in release Not in release
dotnet7 Not in release Not in release Ignored Not in release Not in release
dotnet8 Not in release Not affected Not affected Not in release Not in release
dotnet9 Not in release Not in release Not in release Not in release Not in release
dotnet10 Not affected Not affected Not in release Not in release Not in release
Show less packages

CVE-2026-50649

Medium priority
Ignored

A remote code execution vulnerability exists in Windows Presentation Foundation (WPF) in .NET 8, .NET 9, and .NET 10 when parsing specially crafted XAML input. An attacker who successfully exploits this vulnerability could execute...

5 affected packages

dotnet6, dotnet7, dotnet8, dotnet9, dotnet10

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dotnet6 Not in release Not in release Not affected Not in release Not in release
dotnet7 Not in release Not in release Ignored Not in release Not in release
dotnet8 Not in release Not affected Not affected Not in release Not in release
dotnet9 Not in release Not in release Not in release Not in release Not in release
dotnet10 Not affected Not affected Not in release Not in release Not in release
Show less packages

CVE-2026-50646

Medium priority
Ignored

A remote code execution vulnerability exists in Windows Presentation Foundation (WPF) in .NET 8, .NET 9, and .NET 10 when parsing specially crafted XAML input. An attacker who successfully exploits this vulnerability could execute...

5 affected packages

dotnet6, dotnet7, dotnet8, dotnet9, dotnet10

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dotnet6 Not in release Not in release Not affected Not in release Not in release
dotnet7 Not in release Not in release Ignored Not in release Not in release
dotnet8 Not in release Not affected Not affected Not in release Not in release
dotnet9 Not in release Not in release Not in release Not in release Not in release
dotnet10 Not affected Not affected Not in release Not in release Not in release
Show less packages

CVE-2026-45591

Medium priority

Some fixes available 7 of 9

Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network.

5 affected packages

dotnet8, dotnet9, dotnet10, dotnet6, dotnet7

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dotnet8 Not in release Fixed Fixed Not in release Not in release
dotnet9 Not in release Not in release Not in release Not in release Not in release
dotnet10 Fixed Fixed Not in release Not in release Not in release
dotnet6 Not in release Not in release Vulnerable Not in release Not in release
dotnet7 Not in release Not in release Ignored Not in release Not in release
Show less packages

CVE-2026-45491

Medium priority

Some fixes available 7 of 9

Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally.

5 affected packages

dotnet8, dotnet9, dotnet10, dotnet6, dotnet7

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dotnet8 Not in release Fixed Fixed Not in release Not in release
dotnet9 Not in release Not in release Not in release Not in release Not in release
dotnet10 Fixed Fixed Not in release Not in release Not in release
dotnet6 Not in release Not in release Vulnerable Not in release Not in release
dotnet7 Not in release Not in release Ignored Not in release Not in release
Show less packages

CVE-2026-45490

Medium priority
Ignored

Improper authorization in .NET allows an authorized attacker to elevate privileges locally.

5 affected packages

dotnet10, dotnet6, dotnet7, dotnet8, dotnet9

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dotnet10 Not affected Not affected Not in release Not in release Not in release
dotnet6 Not in release Not in release Not affected Not in release Not in release
dotnet7 Not in release Not in release Ignored Not in release Not in release
dotnet8 Not in release Not affected Not affected Not in release Not in release
dotnet9 Not in release Not in release Not in release Not in release Not in release
Show less packages