CVE-2026-26130
Publication date 10 March 2026
Last updated 11 March 2026
Ubuntu priority
Description
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| dotnet6 | 25.10 questing | Not in release |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy |
Vulnerable, fix deferred
|
|
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| dotnet7 | 25.10 questing | Not in release |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Ignored see notes | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| dotnet8 | 25.10 questing |
Vulnerable
|
| 24.04 LTS noble |
Vulnerable
|
|
| 22.04 LTS jammy |
Vulnerable
|
|
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| dotnet9 | 25.10 questing |
Vulnerable
|
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| dotnet10 | 25.10 questing |
Vulnerable
|
| 24.04 LTS noble |
Vulnerable
|
|
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release |
Notes
iconstantin
.NET 7 is end of life upstream.
mdeslaur
Marking .NET 6 as deferred until information is available to determine if it is impacted.