Red Hat Product Errata RHSA-2026:10091 - Security Advisory Issued: 2026-04-23 Updated: 2026-04-23 RHSA-2026:10091 - Security Advisory Overview Updated Packages Synopsis Important: .NET 8.0 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for .NET 8.0 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.125 and .NET Runtime 8.0.25.Security Fix(es): asp.net: ASP.NET Core: Denial of Service via uncontrolled resource allocation (CVE-2026-26130) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64 Fixes BZ - 2446134 - CVE-2026-26130 asp.net: ASP.NET Core: Denial of Service via uncontrolled resource allocation CVEs CVE-2026-26130 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 SRPM dotnet8.0-8.0.125-1.el10_0.src.rpm SHA-256: e9bb11ee81bee1d02d51d5cc31c0142aaf65327931bf56f30b1b1fad78b50d8e x86_64 aspnetcore-runtime-8.0-8.0.25-1.el10_0.x86_64.rpm SHA-256: 2d07becda9755868ca911fd1f88b655062c0076ff7d010e546963e0a2f3a6f41 aspnetcore-runtime-dbg-8.0-8.0.25-1.el10_0.x86_64.rpm SHA-256: e6cecd46d36ac6f87a3fbcf8bc8cce3223f4f119435b0f752ed2371225e1ae85 aspnetcore-targeting-pack-8.0-8.0.25-1.el10_0.x86_64.rpm SHA-256: 902441c162280256577cefe51b40421a4a42769997a271c927ebad8923b91d23 dotnet-apphost-pack-8.0-8.0.25-1.el10_0.x86_64.rpm SHA-256: 912d0901d104c1826af75ffa1b736d990b6e5401ecd565b17c65f283f6575c0a dotnet-apphost-pack-8.0-debuginfo-8.0.25-1.el10_0.x86_64.rpm SHA-256: 2921d8ec49574b20f81b00d6b5d8e97861b0ecc713e66ce99979db8c0aa1d24e dotnet-hostfxr-8.0-8.0.25-1.el10_0.x86_64.rpm SHA-256: 6bb5d77ec59b30941a337de1cb520f2096ed51ca0f5c195fc0f95c4545d5d4e5 dotnet-hostfxr-8.0-debuginfo-8.0.25-1.el10_0.x86_64.rpm SHA-256: f9263b3b590bb0d2e8b04de50614bb6c3ab77739df65aef26574340f303c9a58 dotnet-runtime-8.0-8.0.25-1.el10_0.x86_64.rpm SHA-256: 1747fa2e92c2acfecee045f4b5cd60aafc5664add803dc48738b2573148f8d2b dotnet-runtime-8.0-debuginfo-8.0.25-1.el10_0.x86_64.rpm SHA-256: 17c4a0faa84b58290c06185084d2ecfba45b713f262464b86440d0ff1615c54e dotnet-runtime-dbg-8.0-8.0.25-1.el10_0.x86_64.rpm SHA-256: 2ed4df309a3423ed497dd197de4c28a6d67ff095a6cc14317c67f4deb2d7c569 dotnet-sdk-8.0-8.0.125-1.el10_0.x86_64.rpm SHA-256: 7c2274b0243619c2a15dd2d3447f7d0f349ef6823a65bf5d7c18a7df4945e1a5 dotnet-sdk-8.0-debuginfo-8.0.125-1.el10_0.x86_64.rpm SHA-256: ebf8378fff001bb5e149cf3c727cf75dc8470b08d59aad2efac96bc639e80aad dotnet-sdk-dbg-8.0-8.0.125-1.el10_0.x86_64.rpm SHA-256: 7dbf2d3d7445a056d32c4c1150a196cf482a1b9d7d7d1f9490eacfac9b1a1af3 dotnet-targeting-pack-8.0-8.0.25-1.el10_0.x86_64.rpm SHA-256: e69744758aa7dc20cd86bc9b1ca6eb9bb2a6d6dcdd92bb14d8c47297cf520d41 dotnet-templates-8.0-8.0.125-1.el10_0.x86_64.rpm SHA-256: f4f94c01d614355fabd6e11966a291eb56cac9d1d22eb8a513712cc04e7fe94e dotnet8.0-debugsource-8.0.125-1.el10_0.x86_64.rpm SHA-256: 0b7f8fa04a70124db50904f2ed815ee2a4212d54abed4cc1926a69c65f4475aa Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 SRPM dotnet8.0-8.0.125-1.el10_0.src.rpm SHA-256: e9bb11ee81bee1d02d51d5cc31c0142aaf65327931bf56f30b1b1fad78b50d8e s390x aspnetcore-runtime-8.0-8.0.25-1.el10_0.s390x.rpm SHA-256: 5debe0bde24e3e4698874d0e1bd11a03965eea025a71f5131f1731d60920ec9f aspnetcore-runtime-dbg-8.0-8.0.25-1.el10_0.s390x.rpm SHA-256: 965165caeaf4d5ad3cdb46cce5e0211353954643945ba23170fb9540778428cc aspnetcore-targeting-pack-8.0-8.0.25-1.el10_0.s390x.rpm SHA-256: 8c46f7bf28cd177b2ec06396111c12af6702ec2929fa3dbf2e4395ceb72bae1a dotnet-apphost-pack-8.0-8.0.25-1.el10_0.s390x.rpm SHA-256: 1b32ed3dc0841951117175e17c977659da88e266b0c67a5d29d1ca5f7286e969 dotnet-apphost-pack-8.0-debuginfo-8.0.25-1.el10_0.s390x.rpm SHA-256: c4ea93178e2ccf9737e0a565f6b115def7f88602c51b9b25727be9ac8455efcb dotnet-hostfxr-8.0-8.0.25-1.el10_0.s390x.rpm SHA-256: 68eaf221eb280f6efea8d289fdda7c72cf6a15bce319e59f7ec2bed7d1f3ac1f dotnet-hostfxr-8.0-debuginfo-8.0.25-1.el10_0.s390x.rpm SHA-256: 3cfd8691a537dba2229afc633fe5203a9c34c5326c8ab84241f755fd240a5436 dotnet-runtime-8.0-8.0.25-1.el10_0.s390x.rpm SHA-256: 888bdff6dcb1d24ed85bbb5636818b5b499fe1cb4f68ab5ebc789786b74376e4 dotnet-runtime-8.0-debuginfo-8.0.25-1.el10_0.s390x.rpm SHA-256: a1d2c3c160dd7c0860deb76660fc05aae4709f96b7b7e964f3b4ef387f581dca dotnet-runtime-dbg-8.0-8.0.25-1.el10_0.s390x.rpm SHA-256: 7d31ce0b09a0609f211e931055602e4f20bf35779d15cf00a5c69d242b418497 dotnet-sdk-8.0-8.0.125-1.el10_0.s390x.rpm SHA-256: abec0933fa1b9f535938ba7fbaf5599fc05f10c5bf5ae6106576d6e5d580f3dd dotnet-sdk-8.0-debuginfo-8.0.125-1.el10_0.s390x.rpm SHA-256: 3b69021188907e2185d8c0a6f148235eca5314092a13f846556fffadf7164eff dotnet-sdk-dbg-8.0-8.0.125-1.el10_0.s390x.rpm SHA-256: 005082b41fe0f3267d9d70e3ca1f51be0eb9bbb615177ad55be2360c4a1e69d1 dotnet-targeting-pack-8.0-8.0.25-1.el10_0.s390x.rpm SHA-256: aaba861fa8c4ee01ed7b6edb95f2d4565b9e6b8c639a83774df93d371ea8143e dotnet-templates-8.0-8.0.125-1.el10_0.s390x.rpm SHA-256: 9b05f1d9385676ee28b9ffa8e1300c8a9ffb6c693f1cc5ef4e9acdea9872217d dotnet8.0-debugsource-8.0.125-1.el10_0.s390x.rpm SHA-256: ede0091b6af3bd6381c8c21d662370791ed4c4a106f943b9db3f68a090842ada Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 SRPM dotnet8.0-8.0.125-1.el10_0.src.rpm SHA-256: e9bb11ee81bee1d02d51d5cc31c0142aaf65327931bf56f30b1b1fad78b50d8e ppc64le aspnetcore-runtime-8.0-8.0.25-1.el10_0.ppc64le.rpm SHA-256: 54c0e7cd0b7f29b3bdfeb96b0e2123936f906af70971e7c9110acacd6702b6d7 aspnetcore-runtime-dbg-8.0-8.0.25-1.el10_0.ppc64le.rpm SHA-256: d7b4ec99a90e4dd2dd9d9000075570c862a3db9b38db11ee7cb8432749b04645 aspnetcore-targeting-pack-8.0-8.0.25-1.el10_0.ppc64le.rpm SHA-256: 98637fd17733fe0a43f787deef407e510060536c110d1f77270054200aed5d41 dotnet-apphost-pack-8.0-8.0.25-1.el10_0.ppc64le.rpm SHA-256: 1fb9f274280629cb430a1cb165e9a6c41dbd4c7ed521918954c5c4ed7dc2b470 dotnet-apphost-pack-8.0-debuginfo-8.0.25-1.el10_0.ppc64le.rpm SHA-256: 90b7c07ed75d7465ed2662da3113b0b30880e34a1819f9d28a920c9cb3ff5f02 dotnet-hostfxr-8.0-8.0.25-1.el10_0.ppc64le.rpm SHA-256: f3b06afc31523d4f8028c2c4fdbbd25cd592c1db0ebb9dcfe7a7327b964830c4 dotnet-hostfxr-8.0-debuginfo-8.0.25-1.el10_0.ppc64le.rpm SHA-256: b7eab2dbfe272cb4102c596cea722dcc179b5e69de8a231dad51dd6f4676abb5 dotnet-runtime-8.0-8.0.25-1.el10_0.ppc64le.rpm SHA-256: 5048326b462afae2924ed5db0cbc07f2a3ee5d97e9990f6f162768120295d5cc dotnet-runtime-8.0-debuginfo-8.0.25-1.el10_0.ppc64le.rpm SHA-256: 632a553c8bfe129f27b35091c690e7ba5b19ab24fefeb8ea72e532188308baf2 dotnet-runtime-dbg-8.0-8.0.25-1.el10_0.ppc64le.rpm SHA-256: d9f65ce2a0020dc8703c2dfc6d7117630263c65e664af3a0ab7703f4dac9ea33 dotnet-sdk-8.0-8.0.125-1.el10_0.ppc64le.rpm SHA-256: 4040a6c22fa1cd81947e563a8d466f34f322d692d8b8fc6413affd69af5783b2 dotnet-sdk-8.0-debuginfo-8.0.125-1.el10_0.ppc64le.rpm SHA-256: f26f706a02d087c97413df85272f0bd40958799615779e4c2fe5c5a01bc33f9c dotnet-sdk-dbg-8.0-8.0.125-1.el10_0.ppc64le.rpm SHA-256: 1afb8fff0733224992fa5084bb4846b7694054714c4c6c318ffbcacfbd0d3620 dotnet-targeting-pack-8.0-8.0.25-1.el10_0.ppc64le.rpm SHA-256: bab2570e5c6ea818467a912526101ec1340d63859f5c33100249330cd1ede0f3 dotnet-templates-8.0-8.0.125-1.el10_0.ppc64le.rpm SHA-256: 50400d3d2586a2d5a0ad4a81253d0d9e6b77d93b14f0d95a83e60fd8a17c7ef7 dotnet8.0-debugsource-8.0.125-1.el10_0.ppc64le.rpm SHA-256: 04f4ca506dd2c7c4412b5ee9096a565d0d2e9657a56f913722e41a1c8e62bc6b Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 SRPM dotnet8.0-8.0.125-1.el10_0.src.rpm SHA-256: e9bb11ee81bee1d02d51d5cc31c0142aaf65327931bf56f30b1b1fad78b50d8e aarch64 aspnetcore-runtime-8.0-8.0.25-1.el10_0.aarch64.rpm SHA-256: 1d0be43d12d744b83dc96a8c6d4750e7dff9bd7987a3f6c8fe011d9851638d52 aspnetcore-runtime-dbg-8.0-8.0.25-1.el10_0.aarch64.rpm SHA-256: b6aebeade3d6965ed6d006d4e13e6ba09cd5415abd5e0b08987b36c699ce0be9 aspnetcore-targeting-pack-8.0-8.0.25-1.el10_0.aarch64.rpm SHA-256: 5f89a42f320d767f96db3acd21363350715559629a68209764736a9bbcbe7003 dotnet-apphost-pack-8.0-8.0