CVE-2026-45591

HIGH7.5Denial of service

JSON export Create alert

Description

Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

E

Unchanged

RL

O

RC

Changed

Affected products

Microsoft / ASP.NET Core 10.010.0 – 10.0.9
Microsoft / ASP.NET Core 8.08.0 – 8.0.28
Microsoft / ASP.NET Core 9.09.0 – 9.0.17
Microsoft / Microsoft Visual Studio 2026 version 18.618.6.0 – 18.6.3
Microsoft / .NET 10.010.0.0 – 10.0.9
Microsoft / .NET 8.08.0.0 – 8.0.28
Microsoft / .NET 9.09.0.0 – 9.0.17

References

VENDOR_ADVISORYhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45591