Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-42899 (GCVE-0-2026-42899)
Vulnerability from cvelistv5 – Published: 2026-05-12 16:59 – Updated: 2026-05-26 16:56
VLAI
EPSS
Title
ASP.NET Core Denial of Service Vulnerability
Summary
Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.
Severity
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
Date Public
2026-05-12 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42899",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-12T20:10:06.642009Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T20:10:19.009Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": ".NET 10.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.8",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"product": ".NET 8.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "8.0.27",
"status": "affected",
"version": "8.0.0",
"versionType": "custom"
}
]
},
{
"product": ".NET 9.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "9.0.16",
"status": "affected",
"version": "9.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.0.27",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.16",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.8",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-05-12T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Loop with unreachable exit condition (\u0027infinite loop\u0027) in ASP.NET Core allows an unauthorized attacker to deny service over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T16:56:40.678Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "ASP.NET Core Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42899"
}
],
"title": "ASP.NET Core Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-42899",
"datePublished": "2026-05-12T16:59:06.838Z",
"dateReserved": "2026-04-30T22:35:54.967Z",
"dateUpdated": "2026-05-26T16:56:40.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-42899",
"date": "2026-05-30",
"epss": "0.00036",
"percentile": "0.11068"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-42899\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2026-05-12T18:17:26.733\",\"lastModified\":\"2026-05-13T18:39:43.843\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Loop with unreachable exit condition (\u0027infinite loop\u0027) in ASP.NET Core allows an unauthorized attacker to deny service over a network.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-835\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndExcluding\":\"8.0.27\",\"matchCriteriaId\":\"22FEE1A6-0E92-4E1A-B3C0-AD8DF6EE7B7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.0.16\",\"matchCriteriaId\":\"1F144BCB-8CEA-451A-9048-2A706EA67262\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.0.8\",\"matchCriteriaId\":\"480D562B-C22F-4227-B1F2-1DFA7E239DC7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387021A0-AF36-463C-A605-32EA7DAC172E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42899\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-42899\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-12T20:10:06.642009Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-12T20:10:15.795Z\"}}], \"cna\": {\"title\": \"ASP.NET Core Denial of Service Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \".NET 10.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.8\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \".NET 8.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.0.0\", \"lessThan\": \"8.0.27\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \".NET 9.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.0.0\", \"lessThan\": \"9.0.16\", \"versionType\": \"custom\"}]}], \"datePublic\": \"2026-05-12T14:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42899\", \"name\": \"ASP.NET Core Denial of Service Vulnerability\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Loop with unreachable exit condition (\u0027infinite loop\u0027) in ASP.NET Core allows an unauthorized attacker to deny service over a network.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-835\", \"description\": \"CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"8.0.27\", \"versionStartIncluding\": \"8.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"9.0.16\", \"versionStartIncluding\": \"9.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.0.8\", \"versionStartIncluding\": \"10.0.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2026-05-26T16:56:40.678Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-42899\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-26T16:56:40.678Z\", \"dateReserved\": \"2026-04-30T22:35:54.967Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2026-05-12T16:59:06.838Z\", \"assignerShortName\": \"microsoft\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
alsa-2026:21286
Vulnerability from osv_almalinux
Published
2026-05-27 00:00
Modified
2026-05-28 12:38
Summary
Important: .NET 8.0 security update
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.127 and .NET Runtime 8.0.27.Security Fix(es):
- serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization (CVE-2026-34043)
- dotnet: .NET: infinite loop allows an attacker to cause a denial of service (CVE-2026-42899)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "aspnetcore-runtime-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.27-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "aspnetcore-runtime-dbg-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.27-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "aspnetcore-targeting-pack-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.27-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "dotnet-apphost-pack-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.27-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "dotnet-hostfxr-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.27-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "dotnet-runtime-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.27-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "dotnet-runtime-dbg-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.27-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "dotnet-sdk-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.127-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "dotnet-sdk-8.0-source-built-artifacts"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.127-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "dotnet-sdk-dbg-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.127-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "dotnet-targeting-pack-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.27-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "dotnet-templates-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.127-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.127 and .NET Runtime 8.0.27.Security Fix(es): \n\n * serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization (CVE-2026-34043)\n * dotnet: .NET: infinite loop allows an attacker to cause a denial of service (CVE-2026-42899)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:21286",
"modified": "2026-05-28T12:38:35Z",
"published": "2026-05-27T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:21286"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-34043"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-42899"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2453284"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2476605"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/10/ALSA-2026-21286.html"
}
],
"related": [
"CVE-2026-34043",
"CVE-2026-42899"
],
"summary": "Important: .NET 8.0 security update"
}
alsa-2026:21291
Vulnerability from osv_almalinux
Published
2026-05-27 00:00
Modified
2026-05-28 12:39
Summary
Important: .NET 8.0 security update
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.127 and .NET Runtime 8.0.27.Security Fix(es):
- serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization (CVE-2026-34043)
- dotnet: .NET: infinite loop allows an attacker to cause a denial of service (CVE-2026-42899)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-runtime-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.27-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-runtime-dbg-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.27-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-targeting-pack-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.27-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-apphost-pack-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.27-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-hostfxr-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.27-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-runtime-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.27-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-runtime-dbg-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.27-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.127-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-8.0-source-built-artifacts"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.127-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-dbg-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.127-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-targeting-pack-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.27-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-templates-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.127-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.127 and .NET Runtime 8.0.27.Security Fix(es): \n\n * serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization (CVE-2026-34043)\n * dotnet: .NET: infinite loop allows an attacker to cause a denial of service (CVE-2026-42899)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:21291",
"modified": "2026-05-28T12:39:19Z",
"published": "2026-05-27T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:21291"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-34043"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-42899"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2453284"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2476605"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2026-21291.html"
}
],
"related": [
"CVE-2026-34043",
"CVE-2026-42899"
],
"summary": "Important: .NET 8.0 security update"
}
alsa-2026:21293
Vulnerability from osv_almalinux
Published
2026-05-27 00:00
Modified
2026-05-28 12:37
Summary
Important: .NET 8.0 security update
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.127 and .NET Runtime 8.0.27.Security Fix(es):
- serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization (CVE-2026-34043)
- dotnet: .NET: infinite loop allows an attacker to cause a denial of service (CVE-2026-42899)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "aspnetcore-runtime-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.27-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "aspnetcore-runtime-dbg-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.27-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "aspnetcore-targeting-pack-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.27-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-apphost-pack-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.27-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-hostfxr-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.27-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-runtime-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.27-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-runtime-dbg-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.27-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-sdk-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.127-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-sdk-8.0-source-built-artifacts"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.127-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-sdk-dbg-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.127-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-targeting-pack-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.27-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-templates-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.127-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.127 and .NET Runtime 8.0.27.Security Fix(es): \n\n * serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization (CVE-2026-34043)\n * dotnet: .NET: infinite loop allows an attacker to cause a denial of service (CVE-2026-42899)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:21293",
"modified": "2026-05-28T12:37:49Z",
"published": "2026-05-27T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:21293"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-34043"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-42899"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2453284"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2476605"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2026-21293.html"
}
],
"related": [
"CVE-2026-34043",
"CVE-2026-42899"
],
"summary": "Important: .NET 8.0 security update"
}
alsa-2026:21294
Vulnerability from osv_almalinux
Published
2026-05-27 00:00
Modified
2026-05-29 09:45
Summary
Important: .NET 9.0 security update
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.117 and .NET Runtime 9.0.16.Security Fix(es):
- dotnet: .NET: infinite loop allows an attacker to cause a denial of service (CVE-2026-42899)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-runtime-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.16-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-runtime-dbg-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.16-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-targeting-pack-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.16-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-apphost-pack-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.16-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-hostfxr-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.16-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-runtime-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.16-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-runtime-dbg-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.16-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.117-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-9.0-source-built-artifacts"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.117-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-aot-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.117-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-dbg-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.117-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-targeting-pack-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.16-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-templates-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.117-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "netstandard-targeting-pack-2.1"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.117-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.117 and .NET Runtime 9.0.16.Security Fix(es): \n\n * dotnet: .NET: infinite loop allows an attacker to cause a denial of service (CVE-2026-42899)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:21294",
"modified": "2026-05-29T09:45:11Z",
"published": "2026-05-27T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:21294"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-42899"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2476605"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2026-21294.html"
}
],
"related": [
"CVE-2026-42899"
],
"summary": "Important: .NET 9.0 security update"
}
alsa-2026:21295
Vulnerability from osv_almalinux
Published
2026-05-27 00:00
Modified
2026-05-29 09:45
Summary
Important: .NET 10.0 security update
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 10.0.108 and .NET Runtime 10.0.8.Security Fix(es):
- dotnet: .NET: infinite loop allows an attacker to cause a denial of service (CVE-2026-42899)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-runtime-10.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.0.8-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-runtime-dbg-10.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.0.8-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-targeting-pack-10.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.0.8-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.0.108-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-apphost-pack-10.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.0.8-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-host"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.0.8-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-hostfxr-10.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.0.8-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-runtime-10.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.0.8-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-runtime-dbg-10.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.0.8-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-10.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.0.108-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-10.0-source-built-artifacts"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.0.108-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-aot-10.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.0.108-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-dbg-10.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.0.108-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-targeting-pack-10.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.0.8-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-templates-10.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.0.108-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 10.0.108 and .NET Runtime 10.0.8.Security Fix(es): \n\n * dotnet: .NET: infinite loop allows an attacker to cause a denial of service (CVE-2026-42899)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:21295",
"modified": "2026-05-29T09:45:52Z",
"published": "2026-05-27T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:21295"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-42899"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2476605"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2026-21295.html"
}
],
"related": [
"CVE-2026-42899"
],
"summary": "Important: .NET 10.0 security update"
}
alsa-2026:21296
Vulnerability from osv_almalinux
Published
2026-05-27 00:00
Modified
2026-05-29 09:40
Summary
Important: .NET 9.0 security update
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.117 and .NET Runtime 9.0.16.Security Fix(es):
- dotnet: .NET: infinite loop allows an attacker to cause a denial of service (CVE-2026-42899)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "aspnetcore-runtime-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.16-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "aspnetcore-runtime-dbg-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.16-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "aspnetcore-targeting-pack-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.16-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-apphost-pack-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.16-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-hostfxr-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.16-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-runtime-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.16-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-runtime-dbg-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.16-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-sdk-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.117-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-sdk-9.0-source-built-artifacts"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.117-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-sdk-aot-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.117-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-sdk-dbg-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.117-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-targeting-pack-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.16-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-templates-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.117-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "netstandard-targeting-pack-2.1"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.117-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.117 and .NET Runtime 9.0.16.Security Fix(es): \n\n * dotnet: .NET: infinite loop allows an attacker to cause a denial of service (CVE-2026-42899)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:21296",
"modified": "2026-05-29T09:40:28Z",
"published": "2026-05-27T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:21296"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-42899"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2476605"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2026-21296.html"
}
],
"related": [
"CVE-2026-42899"
],
"summary": "Important: .NET 9.0 security update"
}
alsa-2026:21297
Vulnerability from osv_almalinux
Published
2026-05-27 00:00
Modified
2026-05-29 09:40
Summary
Important: .NET 10.0 security update
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 10.0.108 and .NET Runtime 10.0.8.Security Fix(es):
- dotnet: .NET: infinite loop allows an attacker to cause a denial of service (CVE-2026-42899)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "aspnetcore-runtime-10.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.0.8-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "aspnetcore-runtime-dbg-10.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.0.8-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "aspnetcore-targeting-pack-10.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.0.8-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-apphost-pack-10.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.0.8-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-host"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.0.8-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-hostfxr-10.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.0.8-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-runtime-10.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.0.8-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-runtime-dbg-10.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.0.8-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-sdk-10.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.0.108-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-sdk-10.0-source-built-artifacts"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.0.108-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-sdk-aot-10.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.0.108-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-sdk-dbg-10.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.0.108-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-targeting-pack-10.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.0.8-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-templates-10.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.0.108-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 10.0.108 and .NET Runtime 10.0.8.Security Fix(es): \n\n * dotnet: .NET: infinite loop allows an attacker to cause a denial of service (CVE-2026-42899)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:21297",
"modified": "2026-05-29T09:40:26Z",
"published": "2026-05-27T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:21297"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-42899"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2476605"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2026-21297.html"
}
],
"related": [
"CVE-2026-42899"
],
"summary": "Important: .NET 10.0 security update"
}
alsa-2026:21754
Vulnerability from osv_almalinux
Published
2026-05-28 00:00
Modified
2026-05-29 11:49
Summary
Important: .NET 9.0 security update
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.117 and .NET Runtime 9.0.16.Security Fix(es):
- dotnet: .NET: infinite loop allows an attacker to cause a denial of service (CVE-2026-42899)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "aspnetcore-runtime-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.16-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "aspnetcore-runtime-dbg-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.16-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "aspnetcore-targeting-pack-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.16-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "dotnet-apphost-pack-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.16-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "dotnet-hostfxr-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.16-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "dotnet-runtime-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.16-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "dotnet-runtime-dbg-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.16-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "dotnet-sdk-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.117-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "dotnet-sdk-9.0-source-built-artifacts"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.117-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "dotnet-sdk-aot-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.117-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "dotnet-sdk-dbg-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.117-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "dotnet-targeting-pack-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.16-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "dotnet-templates-9.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.117-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "netstandard-targeting-pack-2.1"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.117-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.117 and .NET Runtime 9.0.16.Security Fix(es): \n\n * dotnet: .NET: infinite loop allows an attacker to cause a denial of service (CVE-2026-42899)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:21754",
"modified": "2026-05-29T11:49:50Z",
"published": "2026-05-28T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:21754"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-42899"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2476605"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/10/ALSA-2026-21754.html"
}
],
"related": [
"CVE-2026-42899"
],
"summary": "Important: .NET 9.0 security update"
}
bit-dotnet-2026-42899
Vulnerability from bitnami_vulndb
Published
2026-05-14 08:40
Modified
2026-05-14 09:12
Summary
ASP.NET Core Denial of Service Vulnerability
Details
Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "dotnet",
"purl": "pkg:bitnami/dotnet"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.27"
},
{
"introduced": "9.0.0"
},
{
"fixed": "9.0.16"
},
{
"introduced": "10.0.0"
},
{
"fixed": "10.0.8"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2026-42899"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*"
],
"severity": "High"
},
"details": "Loop with unreachable exit condition (\u0027infinite loop\u0027) in ASP.NET Core allows an unauthorized attacker to deny service over a network.",
"id": "BIT-dotnet-2026-42899",
"modified": "2026-05-14T09:12:37.036Z",
"published": "2026-05-14T08:40:12.793Z",
"references": [
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42899"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42899"
}
],
"schema_version": "1.6.2",
"summary": "ASP.NET Core Denial of Service Vulnerability"
}
CERTFR-2026-AVI-0585
Vulnerability from certfr_avis - Published: 2026-05-13 - Updated: 2026-05-13
De multiples vulnérabilités ont été découvertes dans Microsoft Windows. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Windows Server 2012 R2 versions antérieures à 6.3.9600.23181 | ||
| Microsoft | N/A | Windows 10 Version 22H2 pour systèmes x64 versions antérieures à 10.0.19045.7291 | ||
| Microsoft | N/A | Windows 10 Version 22H2 pour systèmes 32 bits versions antérieures à 10.0.19045.7291 | ||
| Microsoft | N/A | Windows Admin Center in Azure Portal versions antérieures à 2.6.7 | ||
| Microsoft | N/A | Windows 11 Version 24H2 pour systèmes x64 versions antérieures à 10.0.26100.8390 | ||
| Microsoft | N/A | Windows Admin Center versions antérieures à 2.6.5.16 | ||
| Microsoft | N/A | Windows 11 Version 23H2 pour systèmes ARM64 versions antérieures à 10.0.22631.7079 | ||
| Microsoft | N/A | Windows 10 Version 1607 pour systèmes x64 versions antérieures à 10.0.14393.9140 | ||
| Microsoft | N/A | Windows Server 2019 (Server Core installation) versions antérieures à 10.0.17763.8755 | ||
| Microsoft | N/A | Windows 10 Version 21H2 pour systèmes ARM64 versions antérieures à 10.0.19044.7291 | ||
| Microsoft | N/A | Windows 10 Version 22H2 pour systèmes ARM64 versions antérieures à 10.0.19045.7291 | ||
| Microsoft | N/A | Windows 10 Version 1607 pour systèmes 32 bits versions antérieures à 10.0.14393.9140 | ||
| Microsoft | N/A | Windows 10 Version 21H2 pour systèmes x64 versions antérieures à 10.0.19044.7291 | ||
| Microsoft | N/A | Windows 10 Version 21H2 pour systèmes 32 bits versions antérieures à 10.0.19044.7291 | ||
| Microsoft | N/A | Windows 11 Version 26H1 pour systèmes x64 versions antérieures à 10.0.28000.2113 | ||
| Microsoft | N/A | Windows Server 2016 versions antérieures à 10.0.14393.9140 | ||
| Microsoft | N/A | Windows Server 2019 versions antérieures à 10.0.17763.8755 | ||
| Microsoft | N/A | Windows 11 Version 25H2 pour systèmes ARM64 versions antérieures à 10.0.26200.8457 | ||
| Microsoft | N/A | Windows 11 Version 23H2 pour systèmes x64 versions antérieures à 10.0.22631.7079 | ||
| Microsoft | N/A | Windows 11 Version 26H1 pour systèmes ARM64 versions antérieures à 10.0.28000.2113 | ||
| Microsoft | N/A | Windows Server 2022 (Server Core installation) versions antérieures à 10.0.20348.5139 | ||
| Microsoft | N/A | Windows Server 2022, 23H2 Edition (Server Core installation) versions antérieures à 10.0.25398.2330 | ||
| Microsoft | N/A | Windows Server 2022 versions antérieures à 10.0.20348.5139 | ||
| Microsoft | N/A | Windows Server 2025 versions antérieures à 10.0.26100.32860 | ||
| Microsoft | N/A | Windows 10 Version 1809 pour systèmes x64 versions antérieures à 10.0.17763.8755 | ||
| Microsoft | N/A | Windows 11 Version 25H2 pour systèmes x64 versions antérieures à 10.0.26200.8457 | ||
| Microsoft | N/A | Windows 10 Version 1809 pour systèmes 32 bits versions antérieures à 10.0.17763.8755 | ||
| Microsoft | N/A | Windows 11 Version 24H2 pour systèmes ARM64 versions antérieures à 10.0.26100.8390 | ||
| Microsoft | N/A | Windows Server 2025 (Server Core installation) versions antérieures à 10.0.26100.32860 | ||
| Microsoft | N/A | Windows Server 2016 (Server Core installation) versions antérieures à 10.0.14393.9140 | ||
| Microsoft | N/A | Windows Server 2012 versions antérieures à 6.2.9200.26079 | ||
| Microsoft | N/A | Windows Server 2012 R2 (Server Core installation) versions antérieures à 6.3.9600.23181 | ||
| Microsoft | N/A | Windows Server 2012 (Server Core installation) versions antérieures à 6.2.9200.26079 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Windows Server 2012 R2 versions ant\u00e9rieures \u00e0 6.3.9600.23181",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19045.7291",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19045.7291",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Admin Center in Azure Portal versions ant\u00e9rieures \u00e0 2.6.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 24H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.26100.8390",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Admin Center versions ant\u00e9rieures \u00e0 2.6.5.16",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 23H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.22631.7079",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.14393.9140",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2019 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.17763.8755",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.19044.7291",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.19045.7291",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.14393.9140",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19044.7291",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19044.7291",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 26H1 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.28000.2113",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016 versions ant\u00e9rieures \u00e0 10.0.14393.9140",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2019 versions ant\u00e9rieures \u00e0 10.0.17763.8755",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 25H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.26200.8457",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 23H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.22631.7079",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 26H1 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.28000.2113",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2022 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.20348.5139",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2022, 23H2 Edition (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.25398.2330",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2022 versions ant\u00e9rieures \u00e0 10.0.20348.5139",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2025 versions ant\u00e9rieures \u00e0 10.0.26100.32860",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.17763.8755",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 25H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.26200.8457",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.17763.8755",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 24H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.26100.8390",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2025 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.26100.32860",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.14393.9140",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 versions ant\u00e9rieures \u00e0 6.2.9200.26079",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2 (Server Core installation) versions ant\u00e9rieures \u00e0 6.3.9600.23181",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 (Server Core installation) versions ant\u00e9rieures \u00e0 6.2.9200.26079",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-34342",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34342"
},
{
"name": "CVE-2026-32209",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32209"
},
{
"name": "CVE-2026-40397",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40397"
},
{
"name": "CVE-2026-35419",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35419"
},
{
"name": "CVE-2026-41089",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41089"
},
{
"name": "CVE-2026-40401",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40401"
},
{
"name": "CVE-2026-35438",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35438"
},
{
"name": "CVE-2026-40377",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40377"
},
{
"name": "CVE-2026-40380",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40380"
},
{
"name": "CVE-2026-40402",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40402"
},
{
"name": "CVE-2026-34345",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34345"
},
{
"name": "CVE-2026-33837",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33837"
},
{
"name": "CVE-2026-32175",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32175"
},
{
"name": "CVE-2026-40405",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40405"
},
{
"name": "CVE-2026-34338",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34338"
},
{
"name": "CVE-2026-34331",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34331"
},
{
"name": "CVE-2026-34343",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34343"
},
{
"name": "CVE-2026-40369",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40369"
},
{
"name": "CVE-2026-35420",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35420"
},
{
"name": "CVE-2026-34337",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34337"
},
{
"name": "CVE-2026-35433",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35433"
},
{
"name": "CVE-2026-32170",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32170"
},
{
"name": "CVE-2026-34341",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34341"
},
{
"name": "CVE-2026-34351",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34351"
},
{
"name": "CVE-2026-34340",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34340"
},
{
"name": "CVE-2026-34344",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34344"
},
{
"name": "CVE-2026-35424",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35424"
},
{
"name": "CVE-2026-34329",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34329"
},
{
"name": "CVE-2026-40382",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40382"
},
{
"name": "CVE-2026-40408",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40408"
},
{
"name": "CVE-2026-42896",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42896"
},
{
"name": "CVE-2026-35422",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35422"
},
{
"name": "CVE-2026-40415",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40415"
},
{
"name": "CVE-2026-35418",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35418"
},
{
"name": "CVE-2026-35423",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35423"
},
{
"name": "CVE-2026-42899",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42899"
},
{
"name": "CVE-2026-41097",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41097"
},
{
"name": "CVE-2026-35417",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35417"
},
{
"name": "CVE-2026-41086",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41086"
},
{
"name": "CVE-2026-34330",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34330"
},
{
"name": "CVE-2026-32177",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32177"
},
{
"name": "CVE-2026-40407",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40407"
},
{
"name": "CVE-2026-32161",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32161"
},
{
"name": "CVE-2026-34334",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34334"
},
{
"name": "CVE-2026-33834",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33834"
},
{
"name": "CVE-2026-34332",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34332"
},
{
"name": "CVE-2026-40413",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40413"
},
{
"name": "CVE-2026-41096",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41096"
},
{
"name": "CVE-2025-54518",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54518"
},
{
"name": "CVE-2026-34333",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34333"
},
{
"name": "CVE-2026-21530",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21530"
},
{
"name": "CVE-2026-33838",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33838"
},
{
"name": "CVE-2026-34347",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34347"
},
{
"name": "CVE-2026-34339",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34339"
},
{
"name": "CVE-2026-42825",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42825"
},
{
"name": "CVE-2026-40398",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40398"
},
{
"name": "CVE-2026-35415",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35415"
},
{
"name": "CVE-2026-33840",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33840"
},
{
"name": "CVE-2026-41088",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41088"
},
{
"name": "CVE-2026-40410",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40410"
},
{
"name": "CVE-2026-35421",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35421"
},
{
"name": "CVE-2026-40406",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40406"
},
{
"name": "CVE-2026-33841",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33841"
},
{
"name": "CVE-2026-33835",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33835"
},
{
"name": "CVE-2026-40403",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40403"
},
{
"name": "CVE-2026-40399",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40399"
},
{
"name": "CVE-2026-34350",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34350"
},
{
"name": "CVE-2026-40414",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40414"
},
{
"name": "CVE-2026-41095",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41095"
},
{
"name": "CVE-2026-33839",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33839"
},
{
"name": "CVE-2026-35416",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35416"
},
{
"name": "CVE-2026-34336",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34336"
}
],
"initial_release_date": "2026-05-13T00:00:00",
"last_revision_date": "2026-05-13T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0585",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Windows. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Windows",
"vendor_advisories": [
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40407",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40407"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-35418",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35418"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34345",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34345"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-32209",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32209"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-35422",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35422"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34330",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34330"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-32170",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32170"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34350",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34350"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40401",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40401"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-35415",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35415"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40415",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40415"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40397",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40397"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34333",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34333"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40406",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40406"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34339",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34339"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34334",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34334"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-41088",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41088"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-35419",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35419"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34332",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34332"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34351",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34351"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34329",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34329"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-42896",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42896"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-54518",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54518"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40398",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40398"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-35438",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35438"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-35421",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35421"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-33834",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33834"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-35416",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35416"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-41086",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41086"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40382",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40382"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40410",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40410"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-35433",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35433"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34338",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34338"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34342",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34342"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-32177",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32177"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-35420",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35420"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-33838",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33838"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-41089",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41089"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-33840",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33840"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40408",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40408"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-35423",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35423"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-32161",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32161"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34343",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34343"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40402",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40402"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34336",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34336"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-35424",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35424"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40405",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40405"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-42899",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42899"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40377",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40377"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-33835",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33835"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40399",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40399"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34337",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34337"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40380",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40380"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-35417",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35417"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34340",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34340"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40414",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40414"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-33839",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33839"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-41095",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41095"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-41097",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41097"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34331",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34331"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-32175",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32175"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-33841",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33841"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40369",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40369"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40403",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40403"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-41096",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41096"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34347",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34347"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-40413",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40413"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-42825",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42825"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-33837",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33837"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34341",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34341"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-34344",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34344"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-21530",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21530"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…