CVE-2026-45591

Summary

Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network.

Affected Software

VendorProductVersion RangeStatus
Microsoft.NET 10.010.0.0 < 10.0.9affected
Microsoft.NET 8.08.0.0 < 8.0.28affected
Microsoft.NET 9.09.0.0 < 9.0.17affected
MicrosoftASP.NET Core 10.010.0 < 10.0.9affected
MicrosoftASP.NET Core 8.08.0 < 8.0.28affected
MicrosoftASP.NET Core 9.09.0 < 9.0.17affected
MicrosoftMicrosoft Visual Studio 2026 version 18.618.6.0 < 18.6.3affected

Weaknesses

  • CWE-400: CWE-400: Uncontrolled Resource Consumption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

dotnet: ASP.NET Core: Denial of Service via uncontrolled resource consumption

Additional References

References