RHSA-2026:10083 - Security Advisory
Issued: 2026-04-23
Updated: 2026-04-23

Synopsis
Important: .NET 9.0 security update

Type/Severity
Security Advisory: Important

Topic
An update for .NET 9.0 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.115 and .NET Runtime 9.0.14.

Security Fix(es):
.net: .NET: Denial of Service via out-of-bounds read (CVE-2026-26127)
asp.net: ASP.NET Core: Denial of Service via uncontrolled resource allocation (CVE-2026-26130)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

Affected Products
Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 x86_64
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 ppc64le
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 s390x
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 aarch64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x
Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le
Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64

Fixes
BZ - 2446098 - CVE-2026-26127 .net: .NET: Denial of Service via out-of-bounds read
BZ - 2446134 - CVE-2026-26130 asp.net: ASP.NET Core: Denial of Service via uncontrolled resource allocation

CVEs
CVE-2026-26127
CVE-2026-26130

References
https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.

This security update addresses two high-severity Denial of Service vulnerabilities (CVE-2026-26127 and CVE-2026-26130, both CVSS 7.5) affecting .NET and ASP.NET Core. The flaws involve an out-of-bounds read in .NET and uncontrolled resource allocation in ASP.NET Core, which could be exploited to cause service disruption. For .NET 9.0, affected versions are 9.0.0 through 9.0.13, and the fixed version is 9.0.14; for ASP.NET Core 9.0, affected versions are 9.0.0 through 9.0.13, also fixed in version 9.0.14.
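
One way to check a host's package inventory against the fixed versions named above (an added example, not part of the Red Hat advisory). The function names are hypothetical and the sample inventory is constructed. It assumes input lines of the form `NAME VERSION` and GNU `sort -V`.

```shell
#!/bin/sh
# Added example: flag .NET 9.0 packages older than the versions this advisory ships.
# On a real host the input could come from:
#   rpm -qa --qf '%{NAME} %{VERSION}\n' 'dotnet*' 'aspnetcore*' 'netstandard*'
RUNTIME_FIXED="9.0.14"   # .NET Runtime / ASP.NET Core version from the advisory
SDK_FIXED="9.0.115"      # .NET SDK version from the advisory

# ver_lt A B: succeeds when version A sorts strictly before B.
ver_lt() {
    [ "$1" != "$2" ] && [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# fixed_for NAME: print the fixed version for a package name, nothing if out of scope.
# SDK-family names are matched first because "dotnet-*" would also catch them.
fixed_for() {
    case "$1" in
        dotnet-sdk-*|dotnet-templates-9.0|dotnet9.0-*|netstandard-targeting-pack-2.1)
            echo "$SDK_FIXED" ;;
        aspnetcore-*|dotnet-*)
            echo "$RUNTIME_FIXED" ;;
    esac
}

# stale_packages: read "NAME VERSION" lines on stdin, print those below the fix.
stale_packages() {
    while read -r name ver; do
        # Only the 9.0 line is covered here; packages shared with other
        # .NET major versions (e.g. dotnet-host) are skipped when not 9.0.x.
        case "$ver" in 9.0.*) ;; *) continue ;; esac
        fixed=$(fixed_for "$name")
        [ -n "$fixed" ] || continue
        if ver_lt "$ver" "$fixed"; then
            echo "$name $ver (fixed in $fixed)"
        fi
    done
}

# Constructed sample inventory (not taken from a real system).
SAMPLE='dotnet-runtime-9.0 9.0.13
aspnetcore-runtime-9.0 9.0.14
dotnet-sdk-9.0 9.0.114
netstandard-targeting-pack-2.1 9.0.115
dotnet-host 10.0.1
dotnet-hostfxr-9.0 9.0.9'

printf '%s\n' "$SAMPLE" | stale_packages
```

The version comparison is numeric per component, so 9.0.9 is correctly treated as older than 9.0.14.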