VDB

CVE-2026-45591

CVE-2026-45591 PUBLISHED CVSS 7.5 HIGH

Reported by microsoft · Published June 9, 2026

Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network.

Risk Scores

CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

Affected Products

VendorProductVersions
Microsoft.NET 10.010.0.0
Microsoft.NET 8.08.0.0
Microsoft.NET 9.09.0.0
MicrosoftASP.NET Core 10.010.0
MicrosoftASP.NET Core 8.08.0
MicrosoftASP.NET Core 9.09.0
MicrosoftMicrosoft Visual Studio 2026 version 18.618.6.0
Microsoft.NET 8.08.0.0, 8.0.0
microsoftasp.net_core8.0, 8.0, 9.0
microsoftvisual_studio_202618.6.0, 18.6.0
Microsoft.NET 9.09.0.0, 9.0.0
MicrosoftASP.NET Core 9.09.0, 9.0
MicrosoftASP.NET Core 8.08.0, 8.0
MicrosoftMicrosoft Visual Studio 2026 version 18.618.6.0, 18.6.0
Microsoft.NET 10.010.0.0, 10.0.0
alpinedotnet8-runtime0
MicrosoftASP.NET Core 10.010.0, 10.0
alpinedotnet10-runtime0, 0, 0
alpinedotnet9-runtime0, 0, 0
microsoft.net8.0.0, 10.0.0, 8.0.0

Timeline

  • Jun 9, 2026 CVE Published
  • Jun 10, 2026 Coalition ESS Score
  • Jun 10, 2026 Security Advisory
  • Jun 10, 2026 CVE Updated
  • Jun 11, 2026 Distribution Patch
  • Jun 11, 2026 Security Advisory
  • Jun 11, 2026 Distribution Patch
  • Jun 11, 2026 Security Advisory
  • Jun 11, 2026 Distribution Patch
  • Jun 11, 2026 Security Advisory
  • Jun 11, 2026 Distribution Patch
  • Jun 11, 2026 Security Advisory

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›