CVE-2026-45646
Received Received - Intake

BaseFortify

Vulnerability report for CVE-2026-45646, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Microsoft Corporation

Description

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-14
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
microsoft asp.net_core *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-45646 is a vulnerability in ASP.NET Core where resources are allocated without proper limits or throttling. This means that an unauthorized attacker can send requests or inputs that consume excessive system resources, such as memory or CPU, without any restrictions.

The vulnerability allows the attacker to exploit this lack of resource management to cause a denial of service (DoS) over a network. This can result in the affected ASP.NET Core application becoming unresponsive or crashing, preventing legitimate users from accessing it.

Impact Analysis

If you are using an affected version of ASP.NET Core, this vulnerability can impact you in the following ways:

  • Your application or service may become unavailable to users due to a denial of service attack.
  • System resources (such as CPU, memory, or network bandwidth) may be exhausted, leading to degraded performance or crashes.
  • Unauthorized attackers can exploit this vulnerability remotely without needing any privileges or user interaction, increasing the risk of widespread disruption.

The CVSS base score of 7.5 indicates a high severity, meaning the impact is significant and could lead to prolonged downtime if exploited.

Compliance Impact

This vulnerability may affect compliance with common standards and regulations in the following ways:

  • GDPR: Under GDPR, organizations must ensure the availability and resilience of processing systems and services. A denial of service attack exploiting this vulnerability could disrupt services, potentially violating Article 32, which requires the implementation of appropriate technical measures to ensure security.
  • HIPAA: For organizations handling protected health information (PHI), HIPAA requires ensuring the confidentiality, integrity, and availability of electronic PHI. A successful denial of service attack could compromise availability, leading to non-compliance with the HIPAA Security Rule.
  • Other standards: Many compliance frameworks, such as ISO 27001 or NIST SP 800-53, require organizations to implement controls to prevent and mitigate denial of service attacks. Failure to address this vulnerability could result in non-compliance with these standards.

While the vulnerability itself does not directly expose sensitive data, the resulting service disruption could have indirect compliance implications depending on the nature of the affected systems.

Mitigation Strategies

Apply the latest security updates provided by Microsoft for ASP.NET Core to address CVE-2026-45646.

  • Visit the Microsoft Security Response Center (MSRC) update guide for CVE-2026-45646 to download and install the necessary patches.
  • Monitor network traffic for unusual patterns that may indicate exploitation attempts, such as excessive resource allocation requests.
  • Implement rate limiting or request throttling mechanisms in your ASP.NET Core applications to prevent resource exhaustion attacks.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45646. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart