CVSS 7.5 HIGH
Vulnerability
CVE-2026-42899: Microsoft Security Advisory CVE-2026-42899 – ASP.NET Core Denial of Service Vulnerability
Executive Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to updat…
7.5CVSS Score
HIGHSeverity
NOCISA KEV
VulnerabilityImpact Type
📋 Vulnerability Details
| CVE ID | CVE-2026-42899 |
| Vendor | nuget |
| Affected Product | Microsoft.AspNetCore.App.Runtime.win-arm |
| Vulnerability Type | Vulnerability |
| CVSS Score | 7.5 (HIGH) |
| Actively Exploited | ❌ No known exploitation |
| Patch Status | See Vendor Advisory → |
| Reported By | CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories) |
🔬 Technical Analysis
#
Executive Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.
Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/397
CVSS Details - Version: 3.1
• Severity: - Score: 7.5
• Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C - Weakness: CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
Affected Platforms - Platforms: All
• Architectures: All #
🎯 Known Indicators of Compromise
{"type":"url","value":"https://github.com/dotnet/announcements/issues/397","confidence_score":0.82,"first_seen":"2026-05-18","source_count":1}
{"type":"domain","value":"asp.net","confidence_score":0.75,"first_seen":"2026-05-18","source_count":1}
⚡ DETECTION RULES AVAILABLE
Get CVE-2026-42899 Detection Pack
Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.
✓ Sigma Rules
✓ YARA Pack
✓ IOC Table
✓ SIEM Queries
🛡️ Get Detection Pack →
🔌 Access via API →