Primary

Context

Microsoft ASP.NET Core Denial-of-Service Vulnerability

Vulnerability

Patched

A denial-of-service vulnerability has been identified in Microsoft ASP.NET Core versions 8.0.25, 9.0.14, and 10.0.4. This vulnerability arises from the allocation of resources without proper limits or throttling, allowing an unauthorized attacker to disrupt service over a network.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing a significant disruption in service availability.

Remediation

Users can download the security update for ASP.NET Core 10.0 from the .NET download site. For ASP.NET Core 9.0 and 8.0, similar security updates are available on their respective download pages. After applying the update, users should verify that their application is running the patched version.

Added: Mar 10, 2026, 7:07 PM

Updated: Mar 10, 2026, 7:07 PM

Vulnerability Rating

Custom Algorithm

spread

7.6

impact

2.5

exploitability

7.6

remediation

7.7

relevance

3.7

threat

0.1

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.6

impact

2.5

exploitability

7.6

remediation

7.7

relevance

3.7

threat

0.1

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft ASP.NET Core Denial-of-Service Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Microsoft ASP.NET Core

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating