Search CVE reports


Toggle filters

1 – 10 of 100 results


CVE-2026-50659

Medium priority

Some fixes available 4 of 6

Improper encoding or escaping of output in .NET allows an authorized attacker to perform spoofing over a network.

5 affected packages

dotnet6, dotnet7, dotnet8, dotnet9, dotnet10

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dotnet6 Not in release Not in release Vulnerable Not in release Not in release
dotnet7 Not in release Not in release Ignored Not in release Not in release
dotnet8 Not in release Fixed Fixed Not in release Not in release
dotnet9 Not in release Not in release Not in release Not in release Not in release
dotnet10 Fixed Fixed Not in release Not in release Not in release
Show less packages

CVE-2026-50651

Medium priority

Some fixes available 4 of 6

Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.

5 affected packages

dotnet6, dotnet7, dotnet8, dotnet9, dotnet10

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dotnet6 Not in release Not in release Vulnerable Not in release Not in release
dotnet7 Not in release Not in release Ignored Not in release Not in release
dotnet8 Not in release Fixed Fixed Not in release Not in release
dotnet9 Not in release Not in release Not in release Not in release Not in release
dotnet10 Fixed Fixed Not in release Not in release Not in release
Show less packages

CVE-2026-50648

Medium priority

Some fixes available 4 of 6

Allocation of resources without limits or throttling in .NET Framework allows an unauthorized attacker to deny service over a network.

5 affected packages

dotnet6, dotnet7, dotnet8, dotnet9, dotnet10

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dotnet6 Not in release Not in release Vulnerable Not in release Not in release
dotnet7 Not in release Not in release Ignored Not in release Not in release
dotnet8 Not in release Fixed Fixed Not in release Not in release
dotnet9 Not in release Not in release Not in release Not in release Not in release
dotnet10 Fixed Fixed Not in release Not in release Not in release
Show less packages

CVE-2026-50528

Medium priority

Some fixes available 4 of 6

Incorrect authorization in .NET allows an unauthorized attacker to bypass a security feature over a network.

5 affected packages

dotnet6, dotnet7, dotnet8, dotnet9, dotnet10

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dotnet6 Not in release Not in release Vulnerable Not in release Not in release
dotnet7 Not in release Not in release Ignored Not in release Not in release
dotnet8 Not in release Fixed Fixed Not in release Not in release
dotnet9 Not in release Not in release Not in release Not in release Not in release
dotnet10 Fixed Fixed Not in release Not in release Not in release
Show less packages

CVE-2026-50527

Medium priority

Some fixes available 4 of 6

Stack-based buffer overflow in .NET Framework allows an unauthorized attacker to deny service over a network.

5 affected packages

dotnet6, dotnet7, dotnet8, dotnet9, dotnet10

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dotnet6 Not in release Not in release Vulnerable Not in release Not in release
dotnet7 Not in release Not in release Ignored Not in release Not in release
dotnet8 Not in release Fixed Fixed Not in release Not in release
dotnet9 Not in release Not in release Not in release Not in release Not in release
dotnet10 Fixed Fixed Not in release Not in release Not in release
Show less packages

CVE-2026-50526

Medium priority

Some fixes available 4 of 6

Improper link resolution before file access ('link following') in .NET allows an authorized attacker to perform tampering locally.

5 affected packages

dotnet6, dotnet7, dotnet8, dotnet9, dotnet10

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dotnet6 Not in release Not in release Vulnerable Not in release Not in release
dotnet7 Not in release Not in release Ignored Not in release Not in release
dotnet8 Not in release Fixed Fixed Not in release Not in release
dotnet9 Not in release Not in release Not in release Not in release Not in release
dotnet10 Fixed Fixed Not in release Not in release Not in release
Show less packages

CVE-2026-50525

Medium priority

Some fixes available 4 of 6

Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.

5 affected packages

dotnet6, dotnet7, dotnet8, dotnet9, dotnet10

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dotnet6 Not in release Not in release Vulnerable Not in release Not in release
dotnet7 Not in release Not in release Ignored Not in release Not in release
dotnet8 Not in release Fixed Fixed Not in release Not in release
dotnet9 Not in release Not in release Not in release Not in release Not in release
dotnet10 Fixed Fixed Not in release Not in release Not in release
Show less packages

CVE-2026-50524

Medium priority

Some fixes available 4 of 6

Improper validation of specified type of input in .NET Framework allows an unauthorized attacker to deny service over a network.

5 affected packages

dotnet6, dotnet7, dotnet8, dotnet9, dotnet10

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dotnet6 Not in release Not in release Vulnerable Not in release Not in release
dotnet7 Not in release Not in release Ignored Not in release Not in release
dotnet8 Not in release Fixed Fixed Not in release Not in release
dotnet9 Not in release Not in release Not in release Not in release Not in release
dotnet10 Fixed Fixed Not in release Not in release Not in release
Show less packages

CVE-2026-47304

Medium priority

Some fixes available 4 of 6

Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network.

5 affected packages

dotnet6, dotnet7, dotnet8, dotnet9, dotnet10

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dotnet6 Not in release Not in release Vulnerable Not in release Not in release
dotnet7 Not in release Not in release Ignored Not in release Not in release
dotnet8 Not in release Fixed Fixed Not in release Not in release
dotnet9 Not in release Not in release Not in release Not in release Not in release
dotnet10 Fixed Fixed Not in release Not in release Not in release
Show less packages

CVE-2026-47303

Medium priority

Some fixes available 4 of 6

Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network.

5 affected packages

dotnet6, dotnet7, dotnet8, dotnet9, dotnet10

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dotnet6 Not in release Not in release Vulnerable Not in release Not in release
dotnet7 Not in release Not in release Ignored Not in release Not in release
dotnet8 Not in release Fixed Fixed Not in release Not in release
dotnet9 Not in release Not in release Not in release Not in release Not in release
dotnet10 Fixed Fixed Not in release Not in release Not in release
Show less packages