CVE-2026-42899

Description

Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.

CVSS breakdown

Affected products

• Microsoft / .NET 10.010.0.0 – 10.0.8
• Microsoft / .NET 8.08.0.0 – 8.0.27
• Microsoft / .NET 9.09.0.0 – 9.0.16

References

• VENDOR_ADVISORYhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42899