Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from Vendor (microsoft).
CVSS VectorVendor: microsoft
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
AnalysisAI
Uncontrolled resource allocation in Microsoft's ASP.NET Core OData libraries (Microsoft.AspNetCore.OData and Microsoft.AspNet.OData) lets a remote, unauthenticated attacker exhaust server resources and cause a denial of service over the network. Any web application or API exposing OData query endpoints built on the affected packages is at risk, and the CVSS 7.5 rating reflects a high-availability impact with no confidentiality or integrity compromise. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Recommended ActionAI
Within 24 hours, catalog all web applications and APIs using Microsoft.AspNetCore.OData or Microsoft.AspNet.OData packages. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Aspnet Odata
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43991
GHSA-9xvv-3v2j-fmmm