Bug 2446134 (CVE-2026-26130)

Summary: CVE-2026-26130 asp.net: ASP.NET Core: Denial of Service via uncontrolled resource allocation
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in ASP.NET Core. This vulnerability allows an unauthorized attacker to perform a Denial of Service (DoS) attack over a network by allocating resources without limits or throttling. This can lead to the unavailability of the service for legitimate users.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2446423, 2446424, 2446425, 2446426, 2446427, 2446428, 2446441, 2446442, 2446443    
Bug Blocks:    

Description OSIDB Bzimport 2026-03-10 18:04:56 UTC 
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
Comment 3 errata-xmlrpc 2026-03-12 09:16:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:4450 https://access.redhat.com/errata/RHSA-2026:4450
Comment 4 errata-xmlrpc 2026-03-12 09:25:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:4453 https://access.redhat.com/errata/RHSA-2026:4453
Comment 5 errata-xmlrpc 2026-03-12 09:27:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:4451 https://access.redhat.com/errata/RHSA-2026:4451
Comment 6 errata-xmlrpc 2026-03-12 09:39:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:4443 https://access.redhat.com/errata/RHSA-2026:4443
Comment 7 errata-xmlrpc 2026-03-12 10:16:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:4455 https://access.redhat.com/errata/RHSA-2026:4455
Comment 8 errata-xmlrpc 2026-03-12 10:19:18 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:4458 https://access.redhat.com/errata/RHSA-2026:4458
Comment 9 errata-xmlrpc 2026-03-12 15:16:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:4454 https://access.redhat.com/errata/RHSA-2026:4454
Comment 10 errata-xmlrpc 2026-03-12 15:23:54 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:4445 https://access.redhat.com/errata/RHSA-2026:4445
Comment 11 errata-xmlrpc 2026-03-12 15:27:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:4456 https://access.redhat.com/errata/RHSA-2026:4456