Red Hat Product Errata RHSA-2026:13283 - Security Advisory Issued: 2026-05-04 Updated: 2026-05-04 RHSA-2026:13283 - Security Advisory Overview Updated Packages Synopsis Important: .NET 8.0 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for .NET 8.0 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.126 and .NET Runtime 8.0.26.Security Fix(es): dotnet: .NET: Security Bypass and Denial of Service Vulnerability (CVE-2026-26171) dotnet: .NET: Denial of Service via stack overflow (CVE-2026-32203) dotnet: .NET: Denial of Service via Infinite Recursion in XmlDecryptionTransform (CVE-2026-33116) dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw (CVE-2026-32178) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64 Red Hat Enterprise Linux Server - AUS 9.6 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.6 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.6 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x Fixes BZ - 2457739 - CVE-2026-26171 dotnet: .NET: Security Bypass and Denial of Service Vulnerability BZ - 2457740 - CVE-2026-32203 dotnet: .NET: Denial of Service via stack overflow BZ - 2457741 - CVE-2026-33116 dotnet: .NET: Denial of Service via Infinite Recursion in XmlDecryptionTransform BZ - 2457781 - CVE-2026-32178 dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw CVEs CVE-2026-26171 CVE-2026-32178 CVE-2026-32203 CVE-2026-33116 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 SRPM dotnet8.0-8.0.126-1.el9_6.src.rpm SHA-256: f6e0f19a2ce7d09beecd6df49457ebea8c69aff7a85a80f6be9fa76e20b55364 x86_64 aspnetcore-runtime-8.0-8.0.26-1.el9_6.x86_64.rpm SHA-256: d2810b99171fe6cdac2d0d6fb71180e319ef72b3c85b79efb6b46f7d3b150365 aspnetcore-runtime-dbg-8.0-8.0.26-1.el9_6.x86_64.rpm SHA-256: a618090b7690963ed2691a558e3f52251d747e755b52e8839178a31512a89bb2 aspnetcore-targeting-pack-8.0-8.0.26-1.el9_6.x86_64.rpm SHA-256: a792d43f33edc376b74e012963cb922fe5e2895c82c3ae01b9c15ee32182d29c dotnet-apphost-pack-8.0-8.0.26-1.el9_6.x86_64.rpm SHA-256: 0c90f4f39f74b31b734862d37434ec48d6658ffc58eadb5557b3bca7c7378741 dotnet-apphost-pack-8.0-debuginfo-8.0.26-1.el9_6.x86_64.rpm SHA-256: 68db8c7f63ec320935128e39af069fdf9e38960e25ba9385d44864037de989da dotnet-hostfxr-8.0-8.0.26-1.el9_6.x86_64.rpm SHA-256: 6afe75ce3bed1cb133cf702784309691ef1b10c5d0334410ee1ada0ef035b681 dotnet-hostfxr-8.0-debuginfo-8.0.26-1.el9_6.x86_64.rpm SHA-256: 6420d94f673ccd65572ef9f93141c36c33b914d0acb7485e339a156285f3a8af dotnet-runtime-8.0-8.0.26-1.el9_6.x86_64.rpm SHA-256: 933ae05d52cea26308ff35b2b6a826bc25329a8d969b1147fc12940d5cad702e dotnet-runtime-8.0-debuginfo-8.0.26-1.el9_6.x86_64.rpm SHA-256: 50934fc2517f38f7e6e7b5f2ce96dafb10ec41164926ae244c52217d90a25b41 dotnet-runtime-dbg-8.0-8.0.26-1.el9_6.x86_64.rpm SHA-256: a15399161c4adc5d4f15babc6d5b1975defbce9d395625f001d7db90b8b44440 dotnet-sdk-8.0-8.0.126-1.el9_6.x86_64.rpm SHA-256: 34c5008c47cb4d23564e1ef0a75045b0ea08f2336c152a7879de218fecacf5dc dotnet-sdk-8.0-debuginfo-8.0.126-1.el9_6.x86_64.rpm SHA-256: 533f24fad00f2a7b09167556705523959bb964f08b0a7f5b1b380e6118571034 dotnet-sdk-dbg-8.0-8.0.126-1.el9_6.x86_64.rpm SHA-256: 48c65178e64a94fe8dfe15f9dd30e66b32223fa071b9d85d2223004ac5270e80 dotnet-targeting-pack-8.0-8.0.26-1.el9_6.x86_64.rpm SHA-256: 8c9abd420004d90f15d11e86dfe41f566c6a8d6b61555f06e076aab88f8efc97 dotnet-templates-8.0-8.0.126-1.el9_6.x86_64.rpm SHA-256: 07c2261d10664fbcee9ac7ac260b555433051334c83a693d21fb899827f0b46c dotnet8.0-debuginfo-8.0.126-1.el9_6.x86_64.rpm SHA-256: a9ed188027420447aa5f95cba9bda683c6b8deeaf81c5d859149c7147ac28b54 dotnet8.0-debugsource-8.0.126-1.el9_6.x86_64.rpm SHA-256: a903ba7cb322a2dd7276f70cfa0595a7d47bbfa507012983a3ca8485946087d3 Red Hat Enterprise Linux Server - AUS 9.6 SRPM dotnet8.0-8.0.126-1.el9_6.src.rpm SHA-256: f6e0f19a2ce7d09beecd6df49457ebea8c69aff7a85a80f6be9fa76e20b55364 x86_64 aspnetcore-runtime-8.0-8.0.26-1.el9_6.x86_64.rpm SHA-256: d2810b99171fe6cdac2d0d6fb71180e319ef72b3c85b79efb6b46f7d3b150365 aspnetcore-runtime-dbg-8.0-8.0.26-1.el9_6.x86_64.rpm SHA-256: a618090b7690963ed2691a558e3f52251d747e755b52e8839178a31512a89bb2 aspnetcore-targeting-pack-8.0-8.0.26-1.el9_6.x86_64.rpm SHA-256: a792d43f33edc376b74e012963cb922fe5e2895c82c3ae01b9c15ee32182d29c dotnet-apphost-pack-8.0-8.0.26-1.el9_6.x86_64.rpm SHA-256: 0c90f4f39f74b31b734862d37434ec48d6658ffc58eadb5557b3bca7c7378741 dotnet-apphost-pack-8.0-debuginfo-8.0.26-1.el9_6.x86_64.rpm SHA-256: 68db8c7f63ec320935128e39af069fdf9e38960e25ba9385d44864037de989da dotnet-hostfxr-8.0-8.0.26-1.el9_6.x86_64.rpm SHA-256: 6afe75ce3bed1cb133cf702784309691ef1b10c5d0334410ee1ada0ef035b681 dotnet-hostfxr-8.0-debuginfo-8.0.26-1.el9_6.x86_64.rpm SHA-256: 6420d94f673ccd65572ef9f93141c36c33b914d0acb7485e339a156285f3a8af dotnet-runtime-8.0-8.0.26-1.el9_6.x86_64.rpm SHA-256: 933ae05d52cea26308ff35b2b6a826bc25329a8d969b1147fc12940d5cad702e dotnet-runtime-8.0-debuginfo-8.0.26-1.el9_6.x86_64.rpm SHA-256: 50934fc2517f38f7e6e7b5f2ce96dafb10ec41164926ae244c52217d90a25b41 dotnet-runtime-dbg-8.0-8.0.26-1.el9_6.x86_64.rpm SHA-256: a15399161c4adc5d4f15babc6d5b1975defbce9d395625f001d7db90b8b44440 dotnet-sdk-8.0-8.0.126-1.el9_6.x86_64.rpm SHA-256: 34c5008c47cb4d23564e1ef0a75045b0ea08f2336c152a7879de218fecacf5dc dotnet-sdk-8.0-debuginfo-8.0.126-1.el9_6.x86_64.rpm SHA-256: 533f24fad00f2a7b09167556705523959bb964f08b0a7f5b1b380e6118571034 dotnet-sdk-dbg-8.0-8.0.126-1.el9_6.x86_64.rpm SHA-256: 48c65178e64a94fe8dfe15f9dd30e66b32223fa071b9d85d2223004ac5270e80 dotnet-targeting-pack-8.0-8.0.26-1.el9_6.x86_64.rpm SHA-256: 8c9abd420004d90f15d11e86dfe41f566c6a8d6b61555f06e076aab88f8efc97 dotnet-templates-8.0-8.0.126-1.el9_6.x86_64.rpm SHA-256: 07c2261d10664fbcee9ac7ac260b555433051334c83a693d21fb899827f0b46c dotnet8.0-debuginfo-8.0.126-1.el9_6.x86_64.rpm SHA-256: a9ed188027420447aa5f95cba9bda683c6b8deeaf81c5d859149c7147ac28b54 dotnet8.0-debugsource-8.0.126-1.el9_6.x86_64.rpm SHA-256: a903ba7cb322a2dd7276f70cfa0595a7d47bbfa507012983a3ca8485946087d3 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 SRPM dotnet8.0-8.0.126-1.el9_6.src.rpm SHA-256: f6e0f19a2ce7d09beecd6df49457ebea8c69aff7a85a80f6be9fa76e20b55364 s390x aspnetcore-runtime-8.0-8.0.26-1.el9_6.s390x.rpm SHA-256: e99f85cf597831d504d8d994e9bc39ab83eb24ca9405a0d388d6b82b48c52faa aspnetcore-runtime-dbg-8.0-8.0.26-1.el9_6.s390x.rpm SHA-256: ea4ff3c8d6eb2162bf179762f5d7242a374d3c856f167f042a0f5e6eacdea442 aspnetcore-targeting-pack-8.0-8.0.26-1.el9_6.s390x.rpm SHA-256: 4397341b1217f029fa517c7bcd1a91de1c7b73432f14c5b5be95ae664c22b455 dotnet-apphost-pack-8.0-8.0.26-1.el9_6.s390x.rpm SHA-256: c81c9a99aaadd8699cd8edcabc7d4dc6718784b7c394dc20d7e08e0c314a60ab dotnet-apphost-pack-8.0-debuginfo-8.0.26-1.el9_6.s390x.rpm SHA-256: e6b6d664b0925712a231b44029773da12c4a07963f3e19c7574b0965e63d9968 dotnet-hostfxr-8.0-8.0.26-1.el9_6.s390x.rpm SHA-256: 2890bbdc5052108551f4ce3f3e09546181214333e74df9b6ff93890ee1895b7b dotnet-hostfxr-8.0-debuginfo-8.0.26-1.el9_6.s390x.rpm SHA-256: 23e152c643c9f435c548c7c2106103385eb3729c4beb8dcd00fe862a5d457c0e dotnet-runtime-8.0-8.0.26-1.el9_6.s390x.rpm SHA-256: b6589a1d80a4f075ab77bcb8b33bedb17710ae00f9316bc2dd19c87f2c58c832 dotnet-runtime-8.0-debuginfo-8.0.26-1.el9_6.s390x.rpm SHA-256: f0dd1146e9f20ce2b25ef5abc7148a289f34932285969d6cb742de544c19c266 dotnet-runtime-dbg-8.0-8.0.26-1.el9_6.s390x.rpm SHA-256: c7c35fc38f9217fc1e7449530295d2b734c0e8b19b4acc6f6ad50bceccf1499a dotnet-sdk-8.0-8.0.126-1.el9_6.s390x.rpm SHA-256: b27f6ba598f1ae989b6e20ec0398a00fdf1d99855eecab9f593937ce0932cbce dotnet-sdk-8.0-debuginfo-8.0.126-1.el9_6.s390x.rpm SHA-256: ee368782735f5a3ea5d75077febb7fd599c84597b2dd0cbcd8733996ab