Home

Description

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.

PUBLISHED Reserved 2025-02-12 | Published 2025-04-08 | Updated 2026-02-13 | Assigner microsoft




HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

Problem types

CWE-770: Allocation of Resources Without Limits or Throttling

Product status

8.0 (custom) before 8.0.15
affected

9.0 (custom) before 9.0.4
affected

17.10.0 (custom) before 17.10.13
affected

17.12.0 (custom) before 17.12.7
affected

17.13.0 (custom) before 17.13.6
affected

17.8.0 (custom) before 17.8.20
affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26682 (ASP.NET Core and Visual Studio Denial of Service Vulnerability) vendor-advisory patch

cve.org (CVE-2025-26682)

nvd.nist.gov (CVE-2025-26682)

Download JSON