Red Hat Product Errata RHSA-2026:10085 - Security Advisory Issued: 2026-04-23 Updated: 2026-04-23 RHSA-2026:10085 - Security Advisory Overview Updated Packages Synopsis Important: .NET 9.0 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for .NET 9.0 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.115 and .NET Runtime 9.0.14.Security Fix(es): .net: .NET: Denial of Service via out-of-bounds read (CVE-2026-26127) asp.net: ASP.NET Core: Denial of Service via uncontrolled resource allocation (CVE-2026-26130) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64 Red Hat Enterprise Linux Server - AUS 9.6 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.6 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.6 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x Fixes BZ - 2446098 - CVE-2026-26127 .net: .NET: Denial of Service via out-of-bounds read BZ - 2446134 - CVE-2026-26130 asp.net: ASP.NET Core: Denial of Service via uncontrolled resource allocation CVEs CVE-2026-26127 CVE-2026-26130 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 SRPM dotnet9.0-9.0.115-1.el9_6.src.rpm SHA-256: 556dcb74ec33b3de7169c6f7611a8616aef5df28f48b876323e07dadae4d63ff x86_64 aspnetcore-runtime-9.0-9.0.14-1.el9_6.x86_64.rpm SHA-256: 5b60de3182428093148d34b6465c5d3dd68b3e374126f1267e8546193767931d aspnetcore-runtime-dbg-9.0-9.0.14-1.el9_6.x86_64.rpm SHA-256: 1a3de9e06a9192a635ed103bafe78800ca1792ca09bd9296090c696dc2ac2469 aspnetcore-targeting-pack-9.0-9.0.14-1.el9_6.x86_64.rpm SHA-256: 29df1d8ae4f8d0d35caf43e3ecf234f0d31b73efa8d774d2037e5892c36f53fc dotnet-apphost-pack-9.0-9.0.14-1.el9_6.x86_64.rpm SHA-256: c34d2885c70324b804324df469f72842cf8e28c865abaf84fc9216dff2a0fe2b dotnet-apphost-pack-9.0-debuginfo-9.0.14-1.el9_6.x86_64.rpm SHA-256: f5bf6b4aa6e41a29ce416041750e70e766b83bb5bf6408a51c8ad9406163675e dotnet-host-9.0.14-1.el9_6.x86_64.rpm SHA-256: bbf4ce6f887d39b36e96ef6fe894b196b8e30560de6f725d6c2a231bbcd112a8 dotnet-host-debuginfo-9.0.14-1.el9_6.x86_64.rpm SHA-256: fc1552af68f7f9b7d52714ca2317dada39ee331d7797e0af5e8e8047ccfad843 dotnet-hostfxr-9.0-9.0.14-1.el9_6.x86_64.rpm SHA-256: d3001537d2cddf4c35e3693ebb8480ea5927f96846554a10f207ee73f1522ff3 dotnet-hostfxr-9.0-debuginfo-9.0.14-1.el9_6.x86_64.rpm SHA-256: 4288511d274da36cad79b2075ea5ecdfcd619a170b609db2954f6a00e8034589 dotnet-runtime-9.0-9.0.14-1.el9_6.x86_64.rpm SHA-256: 42bc1ea4a2ad9410bb1295974ae3cfedd95afa11e9fe515cb974de9162eb3a4c dotnet-runtime-9.0-debuginfo-9.0.14-1.el9_6.x86_64.rpm SHA-256: d1305e95aed096ce975c60ce5e6b7a689a4a8e3447fa1544a88e8cb9706f5093 dotnet-runtime-dbg-9.0-9.0.14-1.el9_6.x86_64.rpm SHA-256: 1c98ad0bab9f1af5eed128abc19af3dad6bbf00113d94e0ddf71952cb2fc851d dotnet-sdk-9.0-9.0.115-1.el9_6.x86_64.rpm SHA-256: 1fb433b07de4d20afbab5d06a37803f471c0797224a11d1054b2425ca737dc41 dotnet-sdk-9.0-debuginfo-9.0.115-1.el9_6.x86_64.rpm SHA-256: adae1d7aad0f2489fcc6a8b64d1f1a9ae3f9e3d275e4b72efbe7fa4f44014eef dotnet-sdk-aot-9.0-9.0.115-1.el9_6.x86_64.rpm SHA-256: 0b96ca537362eadd9d17f0c79542ea240c7123fa5954242082c6db830e54968f dotnet-sdk-aot-9.0-debuginfo-9.0.115-1.el9_6.x86_64.rpm SHA-256: abd2178f385d9b4cac163fdb96570fb0192105439861fcdd08de794b0f8ed19c dotnet-sdk-dbg-9.0-9.0.115-1.el9_6.x86_64.rpm SHA-256: 4171e2797898f674e6c476cb9256a7010a40fb774afcc5a6a7eb313929695bcd dotnet-targeting-pack-9.0-9.0.14-1.el9_6.x86_64.rpm SHA-256: 657d941a202f0ff61a555946542172e0e3de88694b58e7180ed1f5307b9b2f34 dotnet-templates-9.0-9.0.115-1.el9_6.x86_64.rpm SHA-256: 32ff0b8811a57cfe951f506cbe433531924e3bcb437ca0781b814f82d45bbae0 dotnet9.0-debuginfo-9.0.115-1.el9_6.x86_64.rpm SHA-256: 799f219d5697ff54835897d83361e4e917039fbd4440ce86a5bb616ae4cc0042 dotnet9.0-debugsource-9.0.115-1.el9_6.x86_64.rpm SHA-256: 3475c6079b932247d47cf057ddc4ad7160b38ec891743fd818fbe788d2790ba0 netstandard-targeting-pack-2.1-9.0.115-1.el9_6.x86_64.rpm SHA-256: b94d095a202bad2c2d914e2855940ead216f96ce3ebd3f34ef334ae03c459c24 Red Hat Enterprise Linux Server - AUS 9.6 SRPM dotnet9.0-9.0.115-1.el9_6.src.rpm SHA-256: 556dcb74ec33b3de7169c6f7611a8616aef5df28f48b876323e07dadae4d63ff x86_64 aspnetcore-runtime-9.0-9.0.14-1.el9_6.x86_64.rpm SHA-256: 5b60de3182428093148d34b6465c5d3dd68b3e374126f1267e8546193767931d aspnetcore-runtime-dbg-9.0-9.0.14-1.el9_6.x86_64.rpm SHA-256: 1a3de9e06a9192a635ed103bafe78800ca1792ca09bd9296090c696dc2ac2469 aspnetcore-targeting-pack-9.0-9.0.14-1.el9_6.x86_64.rpm SHA-256: 29df1d8ae4f8d0d35caf43e3ecf234f0d31b73efa8d774d2037e5892c36f53fc dotnet-apphost-pack-9.0-9.0.14-1.el9_6.x86_64.rpm SHA-256: c34d2885c70324b804324df469f72842cf8e28c865abaf84fc9216dff2a0fe2b dotnet-apphost-pack-9.0-debuginfo-9.0.14-1.el9_6.x86_64.rpm SHA-256: f5bf6b4aa6e41a29ce416041750e70e766b83bb5bf6408a51c8ad9406163675e dotnet-host-9.0.14-1.el9_6.x86_64.rpm SHA-256: bbf4ce6f887d39b36e96ef6fe894b196b8e30560de6f725d6c2a231bbcd112a8 dotnet-host-debuginfo-9.0.14-1.el9_6.x86_64.rpm SHA-256: fc1552af68f7f9b7d52714ca2317dada39ee331d7797e0af5e8e8047ccfad843 dotnet-hostfxr-9.0-9.0.14-1.el9_6.x86_64.rpm SHA-256: d3001537d2cddf4c35e3693ebb8480ea5927f96846554a10f207ee73f1522ff3 dotnet-hostfxr-9.0-debuginfo-9.0.14-1.el9_6.x86_64.rpm SHA-256: 4288511d274da36cad79b2075ea5ecdfcd619a170b609db2954f6a00e8034589 dotnet-runtime-9.0-9.0.14-1.el9_6.x86_64.rpm SHA-256: 42bc1ea4a2ad9410bb1295974ae3cfedd95afa11e9fe515cb974de9162eb3a4c dotnet-runtime-9.0-debuginfo-9.0.14-1.el9_6.x86_64.rpm SHA-256: d1305e95aed096ce975c60ce5e6b7a689a4a8e3447fa1544a88e8cb9706f5093 dotnet-runtime-dbg-9.0-9.0.14-1.el9_6.x86_64.rpm SHA-256: 1c98ad0bab9f1af5eed128abc19af3dad6bbf00113d94e0ddf71952cb2fc851d dotnet-sdk-9.0-9.0.115-1.el9_6.x86_64.rpm SHA-256: 1fb433b07de4d20afbab5d06a37803f471c0797224a11d1054b2425ca737dc41 dotnet-sdk-9.0-debuginfo-9.0.115-1.el9_6.x86_64.rpm SHA-256: adae1d7aad0f2489fcc6a8b64d1f1a9ae3f9e3d275e4b72efbe7fa4f44014eef dotnet-sdk-aot-9.0-9.0.115-1.el9_6.x86_64.rpm SHA-256: 0b96ca537362eadd9d17f0c79542ea240c7123fa5954242082c6db830e54968f dotnet-sdk-aot-9.0-debuginfo-9.0.115-1.el9_6.x86_64.rpm SHA-256: abd2178f385d9b4cac163fdb96570fb0192105439861fcdd08de794b0f8ed19c dotnet-sdk-dbg-9.0-9.0.115-1.el9_6.x86_64.rpm SHA-256: 4171e2797898f674e6c476cb9256a7010a40fb774afcc5a6a7eb313929695bcd dotnet-targeting-pack-9.0-9.0.14-1.el9_6.x86_64.rpm SHA-256: 657d941a202f0ff61a555946542172e0e3de88694b58e7180ed1f5307b9b2f34 dotnet-templates-9.0-9.0.115-1.el9_6.x86_64.rpm SHA-256: 32ff0b8811a57cfe951f506cbe433531924e3bcb437ca0781b814f82d45bbae0 dotnet9.0-debuginfo-9.0.115-1.el9_6.x86_64.rpm SHA-256: 799f219d5697ff54835897d83361e4e917039fbd4440ce86a5bb616ae4cc0042 dotnet9.0-debugsource-9.0.115-1.el9_6.x86_64.rpm SHA-256: 3475c6079b932247d47cf057ddc4ad7160b38ec891743fd818fbe788d2790ba0 netstandard-targeting-pack-2.1-9.0.115-1.el9_6.x86_64.rpm SHA-256: b94d095a202bad2c2d914e2855940ead216f96ce3ebd3f34ef334ae03c459c24 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 SRPM dotnet9.0-9.0.115-1.el9_6.src.rpm SHA-256: 556dcb74ec33b3de7169c6f7611a8616aef5df28f48b876323e07dadae4d63ff s390x aspnetcore-runtime-9.0-9.0.14-1.el9_6.s390x.rpm SHA-256: 390a81a7512aedf0efdd3ae42b42cd403d31b07d8558c8cb6c7bddc895bc962a aspnetcore-runtime-dbg-9.0-9.0.14-1.el9_6.s390x.rpm SHA-256: 34143f66a02992de005eb9b3e59fc7d5c14574f1a0fa60488595ba031305cb88 aspnetcore-targeting-pack-9.0-9.0.14-1.el9_6.s390x.rpm SHA-256: e01c8c32dda5644ab89d5f83715b13f4b28894e956d626a7d3767de614548951 dotnet-apphost-pack-9.0-9.0.14-1.el9_6.s390x.rpm SHA-256: 63c6800043a0216816217c9773ab2a77dd506f095b9820e84cb0fd4b25ab351e dotnet-apphost-pack-9.0-debuginfo-9.0.14-1.el9_6.s390x.rpm SHA-256: 97cef1a3e49e3449af9b2b4e48b92b7a22ad562d064008dd9406d7597e83322c dotnet-host-9.0.14-1.el9_6.s390x.rpm SHA-256: 934d7