CVE-2026-26130
Received
Received - Intake
Resource Exhaustion in ASP.NET Core Enables Network DoS Attack
Publication date: 2026-03-10
Last updated on: 2026-04-02
Assigner: Microsoft Corporation
Description
Description
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | asp.net_core | From 10.0.0 (inc) to 10.0.4 (exc) |
| microsoft | asp.net_core | From 8.0.0 (inc) to 8.0.25 (exc) |
| microsoft | asp.net_core | From 9.0.0 (inc) to 9.0.14 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the allocation of resources without any limits or throttling in ASP.NET Core. Because of this, an unauthorized attacker can exploit the system to cause a denial of service over a network.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to deny service to legitimate users by exhausting system resources, leading to service unavailability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70