CVE-2026-26130
Description
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
CWE
- CWE-770 — CWE-770: Allocation of Resources Without Limits or Throttling
Affected
- Microsoft / ASP.NET Core 10.0 — v=10.0 <10.0.4 [affected]
- Microsoft / ASP.NET Core 8.0 — v=8.0 <8.0.25 [affected]
- Microsoft / ASP.NET Core 9.0 — v=9.0 <9.0.14 [affected]
CVSS
- 3.1 score=7.5 severity=HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
References
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26130 vendor-advisory, patch
Source
cvelistV5-main/cves/2026/26xxx/CVE-2026-26130.json