Copyright © 2012 Red Hat, Inc. All rights reserved. Important 2026-05-12T16:59:06 dotnet: .NET: infinite loop allows an attacker to cause a denial of service 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CWE-835

Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.

A flaw was found in dotnet. An infinite loop in ASP.NET Core allows an unauthenticated remote attacker to cause a denial of service over a network. This issue can lead to an application crash and a high consumption of system resources.

As this flaw allows an unauthenticated remote attacker to cause a denial of service, it has been rated with an important severity. Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible. Red Hat Enterprise Linux 10 2026-05-27T00:00:00Z RHSA-2026:21286 dotnet8.0-0:8.0.127-1.el10_2 Red Hat Enterprise Linux 10 2026-05-28T00:00:00Z RHSA-2026:21754 dotnet9.0-0:9.0.117-1.el10_2 Red Hat Enterprise Linux 10 2026-06-01T00:00:00Z RHSA-2026:22145 dotnet10.0-0:10.0.108-1.el10_2 Red Hat Enterprise Linux 8 2026-05-27T00:00:00Z RHSA-2026:21291 dotnet8.0-0:8.0.127-1.el8_10 Red Hat Enterprise Linux 8 2026-05-27T00:00:00Z RHSA-2026:21294 dotnet9.0-0:9.0.117-1.el8_10 Red Hat Enterprise Linux 8 2026-05-27T00:00:00Z RHSA-2026:21295 dotnet10.0-0:10.0.108-1.el8_10 Red Hat Enterprise Linux 9 2026-05-27T00:00:00Z RHSA-2026:21293 dotnet8.0-0:8.0.127-1.el9_8 Red Hat Enterprise Linux 9 2026-05-27T00:00:00Z RHSA-2026:21296 dotnet9.0-0:9.0.117-1.el9_8 Red Hat Enterprise Linux 9 2026-05-27T00:00:00Z RHSA-2026:21297 dotnet10.0-0:10.0.108-1.el9_8 Red Hat Hardened Images 2026-05-14T00:00:00Z RHSA-2026:17464 dotnet10-0-main-10.0.108-1.hum1 Red Hat Hardened Images 2026-05-14T00:00:00Z RHSA-2026:17527 dotnet9-0-main-9.0.117-1.hum1 Red Hat Hardened Images 2026-05-14T00:00:00Z RHSA-2026:17682 dotnet8-0-main-8.0.127-1.hum1 https://www.cve.org/CVERecord?id=CVE-2026-42899 https://nvd.nist.gov/vuln/detail/CVE-2026-42899 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42899