Asp Net Core
CVE-2026-26130
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from Vendor (microsoft).
CVSS VectorVendor: microsoft
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionCVE.org
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
AnalysisAI
Uncontrolled resource allocation in ASP.NET Core enables unauthenticated remote attackers to exhaust system resources and cause denial of service without requiring user interaction. The vulnerability affects .NET applications exposed to network access, allowing attackers to trigger unbounded resource consumption from any network location. A patch is available to address this issue.
Technical ContextAI
This vulnerability (CWE-770: Allocation of Resources Without Limits or Throttling) Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
RemediationAI
A vendor patch is available — apply it immediately. Restrict network access to the affected service where possible.
More in Asp Net Core
View allAllocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service ove
ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a s
ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retri
Remote denial of service in ASP.NET Core enables unauthenticated network attackers to exhaust server resources and disru
ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability
A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memor
An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project tem
ASP.NET Core 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required
ASP.NET Core 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required
ASP.NET Core Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable
.NET and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely e
ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulner
Same technique Denial Of Service
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| SUSE Liberty Linux 8 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
GHSA-4vgm-c2wm-63mw