VDB
GHSA-32wq-ppwg-3w4m
GHSA-32wq-ppwg-3w4m
PUBLISHED
CVSS 7.5 HIGH
EnhancedLinq.Async is Vulnerable to Denial of Service via Transitive Dependency Microsoft.Bcl.Memory
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| NuGet | Microsoft.NetCore.App.Runtime.osx-x64 | 10.0.0, 9.0.2, 9.0.3 |
| NuGet | Microsoft.NetCore.App.Runtime.win-arm | 9.0.0, 10.0.0, 9.0.0 |
| NuGet | Microsoft.Bcl.Memory | 9.0.8, 9.0.2, 9.0.3 |
| NuGet | Microsoft.NetCore.App.Runtime.linux-x64 | 9.0.2, 9.0.13, 9.0.10 |
| NuGet | Microsoft.NetCore.App.Runtime.win-x86 | 9.0.4, 9.0.9, 9.0.0 |
| NuGet | EnhancedLinq.Async | 1.0.0-beta.1, 1.0.0-beta.1, 1.0.0-beta.1 |
| NuGet | Microsoft.NetCore.App.Runtime.linux-musl-arm64 | 9.0.0, 10.0.0, 10.0.0 |
| NuGet | Microsoft.NetCore.App.Runtime.linux-arm | 10.0.0, 10.0.3, 9.0.13 |
| NuGet | Microsoft.NetCore.App.Runtime.linux-arm64 | 9.0.0, 9.0.0, 9.0.12 |
| NuGet | Microsoft.NetCore.App.Runtime.win-x64 | 9.0.11, 9.0.0, 9.0.0 |
| NuGet | Microsoft.NetCore.App.Runtime.linux-musl-arm | 9.0.2, 9.0.0, 9.0.1 |
| NuGet | Microsoft.NetCore.App.Runtime.linux-musl-x64 | 9.0.0, 9.0.1, 9.0.11 |
| NuGet | Microsoft.NetCore.App.Runtime.osx-arm64 | 9.0.0, 9.0.0, 9.0.0 |
| NuGet | Microsoft.NetCore.App.Runtime.win-arm64 | 9.0.7, 9.0.0, 9.0.10 |
Timeline
- Mar 18, 2026 Security Advisory
- Apr 1, 2026 CVE Published
References
- https://github.com/alastairlundy/EnhancedLinq/security/advisories/GHSA-32wq-ppwg-3w4m url
- https://github.com/dotnet/announcements/issues/384 url
- https://github.com/alastairlundy/EnhancedLinq package
- https://www.cve.org/CVERecord?id=CVE-2026-26127 url
- https://github.com/dotnet/runtime package
- https://github.com/advisories/GHSA-32wq-ppwg-3w4m advisory
- https://github.com/dotnet/runtime/security/advisories/GHSA-73j8-2gch-69rq url
- https://nvd.nist.gov/vuln/detail/CVE-2026-26127 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26127 url