Mar 2026: ASP.NET Core Denial of Service Vulnerability
CVE-2026-26130 Published on March 10, 2026

ASP.NET Core Denial of Service Vulnerability
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.

Github Repository Vendor Advisory NVD

Weakness Type

Allocation of Resources Without Limits or Throttling

The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

Products Associated with CVE-2026-26130

stack.watch emails you whenever new vulnerabilities are published in Microsoft ASP.NET Core or Canonical Ubuntu Linux. Just hit a watch button to start following.

Microsoft ASP.NET Core

Canonical Ubuntu Linux

Affected Versions

Microsoft ASP.NET Core 10.0:

Version 10.0 and below 10.0.4 is affected.

Microsoft ASP.NET Core 8.0:

Version 8.0 and below 8.0.25 is affected.

Microsoft ASP.NET Core 9.0:

Version 9.0 and below 9.0.14 is affected.

Vulnerable Packages

The following package name and versions may be associated with CVE-2026-26130

Package Manager	Vulnerable Package	Versions	Fixed In
nuget	Microsoft.AspNetCore.App.Runtime.osx-arm64	>= 8.0.0, <= 8.0.24	8.0.25
nuget	Microsoft.AspNetCore.App.Runtime.win-x86	>= 10.0.0, <= 10.0.3	10.0.4
nuget	Microsoft.AspNetCore.App.Runtime.osx-arm64	>= 9.0.0, <= 9.0.13	9.0.14
nuget	Microsoft.AspNetCore.App.Runtime.osx-arm64	>= 10.0.0, <= 10.0.3	10.0.4
nuget	Microsoft.AspNetCore.App.Runtime.osx-x64	>= 8.0.0, <= 8.0.24	8.0.25
nuget	Microsoft.AspNetCore.App.Runtime.osx-x64	>= 9.0.0, <= 9.0.13	9.0.14
nuget	Microsoft.AspNetCore.App.Runtime.osx-x64	>= 10.0.0, <= 10.0.3	10.0.4
nuget	Microsoft.AspNetCore.App.Runtime.win-arm	>= 8.0.0, <= 8.0.24	8.0.25
nuget	Microsoft.AspNetCore.App.Runtime.win-arm	>= 9.0.0, <= 9.0.13	9.0.14
nuget	Microsoft.AspNetCore.App.Runtime.win-arm	>= 10.0.0, <= 10.0.3	10.0.4
nuget	Microsoft.AspNetCore.App.Runtime.win-arm64	>= 8.0.0, <= 8.0.24	8.0.25
nuget	Microsoft.AspNetCore.App.Runtime.win-arm64	>= 9.0.0, <= 9.0.13	9.0.14
nuget	Microsoft.AspNetCore.App.Runtime.win-arm64	>= 10.0.0, <= 10.0.3	10.0.4
nuget	Microsoft.AspNetCore.App.Runtime.win-x64	>= 8.0.0, <= 8.0.24	8.0.25
nuget	Microsoft.AspNetCore.App.Runtime.win-x64	>= 9.0.0, <= 9.0.13	9.0.14
nuget	Microsoft.AspNetCore.App.Runtime.win-x64	>= 10.0.0, <= 10.0.3	10.0.4
nuget	Microsoft.AspNetCore.App.Runtime.win-x86	>= 8.0.0, <= 8.0.24	8.0.25
nuget	Microsoft.AspNetCore.App.Runtime.win-x86	>= 9.0.0, <= 9.0.13	9.0.14
nuget	Microsoft.AspNetCore.App.Runtime.linux-x64	>= 9.0.0, <= 9.0.13	9.0.14
nuget	Microsoft.AspNetCore.App.Runtime.linux-arm	>= 8.0.0, <= 8.0.24	8.0.25
nuget	Microsoft.AspNetCore.App.Runtime.linux-arm	>= 9.0.0, <= 9.0.13	9.0.14
nuget	Microsoft.AspNetCore.App.Runtime.linux-arm	>= 10.0.0, <= 10.0.3	10.0.4
nuget	Microsoft.AspNetCore.App.Runtime.linux-arm64	>= 8.0.0, <= 8.0.24	8.0.25
nuget	Microsoft.AspNetCore.App.Runtime.linux-arm64	>= 9.0.0, <= 9.0.13	9.0.14
nuget	Microsoft.AspNetCore.App.Runtime.linux-arm64	>= 10.0.0, <= 10.0.3	10.0.4
nuget	Microsoft.AspNetCore.App.Runtime.linux-musl-arm	>= 8.0.0, <= 8.0.24	8.0.25
nuget	Microsoft.AspNetCore.App.Runtime.linux-musl-arm	>= 9.0.0, <= 9.0.13	9.0.14
nuget	Microsoft.AspNetCore.App.Runtime.linux-musl-arm	>= 10.0.0, <= 10.0.3	10.0.4
nuget	Microsoft.AspNetCore.App.Runtime.linux-musl-arm64	>= 8.0.0, <= 8.0.24	8.0.25
nuget	Microsoft.AspNetCore.App.Runtime.linux-musl-arm64	>= 9.0.0, <= 9.0.13	9.0.14
nuget	Microsoft.AspNetCore.App.Runtime.linux-musl-arm64	>= 10.0.0, <= 10.0.3	10.0.4
nuget	Microsoft.AspNetCore.App.Runtime.linux-musl-x64	>= 8.0.0, <= 8.0.24	8.0.25
nuget	Microsoft.AspNetCore.App.Runtime.linux-musl-x64	>= 9.0.0, <= 9.0.13	9.0.14
nuget	Microsoft.AspNetCore.App.Runtime.linux-musl-x64	>= 10.0.0, <= 10.0.3	10.0.4
nuget	Microsoft.AspNetCore.App.Runtime.linux-x64	>= 8.0.0, <= 8.0.24	8.0.25
nuget	Microsoft.AspNetCore.App.Runtime.linux-x64	>= 10.0.0, <= 10.0.3	10.0.4