Red Hat Product Errata RHSA-2026:13281 - Security Advisory Issued: 2026-05-04 Updated: 2026-05-04 RHSA-2026:13281 - Security Advisory Overview Updated Packages Synopsis Important: .NET 8.0 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for .NET 8.0 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.126 and .NET Runtime 8.0.26.Security Fix(es): dotnet: .NET: Security Bypass and Denial of Service Vulnerability (CVE-2026-26171) dotnet: .NET: Denial of Service via stack overflow (CVE-2026-32203) dotnet: .NET: Denial of Service via Infinite Recursion in XmlDecryptionTransform (CVE-2026-33116) dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw (CVE-2026-32178) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64 Fixes BZ - 2457739 - CVE-2026-26171 dotnet: .NET: Security Bypass and Denial of Service Vulnerability BZ - 2457740 - CVE-2026-32203 dotnet: .NET: Denial of Service via stack overflow BZ - 2457741 - CVE-2026-33116 dotnet: .NET: Denial of Service via Infinite Recursion in XmlDecryptionTransform BZ - 2457781 - CVE-2026-32178 dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw CVEs CVE-2026-26171 CVE-2026-32178 CVE-2026-32203 CVE-2026-33116 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 SRPM dotnet8.0-8.0.126-1.el10_0.src.rpm SHA-256: 9601bd3f63b1cd45db5ba1680892c7ba19529a8a35cd4c67ab299c8874a0640b x86_64 aspnetcore-runtime-8.0-8.0.26-1.el10_0.x86_64.rpm SHA-256: 3d80cc24ca74a9f71e3d5b685c335c21e44a49b89865da7cc865842b9ee35cbd aspnetcore-runtime-dbg-8.0-8.0.26-1.el10_0.x86_64.rpm SHA-256: d03ca403cc302342470619fa37356f76e26b64221078c5c8e204e552fc44c5db aspnetcore-targeting-pack-8.0-8.0.26-1.el10_0.x86_64.rpm SHA-256: a45c608d375772eef6ad4b3b6170e62a6cddcfd7ff9b687d92a01415fd691e9a dotnet-apphost-pack-8.0-8.0.26-1.el10_0.x86_64.rpm SHA-256: 73faf8c476ad2c5a0265d326149832e14eba2614b2b899efe650371e060f2a5a dotnet-apphost-pack-8.0-debuginfo-8.0.26-1.el10_0.x86_64.rpm SHA-256: cd355535543f12add9875bdfd154582b3981aa07bdff2ce14087fc1f6800c425 dotnet-hostfxr-8.0-8.0.26-1.el10_0.x86_64.rpm SHA-256: 694af7cd24ee81dc4fc68a1d7652ca8946f509dfb26fe9b32cfecb495d70feed dotnet-hostfxr-8.0-debuginfo-8.0.26-1.el10_0.x86_64.rpm SHA-256: 988f08023fd9147c6da3884bc43a9d1153d01971959c48e74dcd799d60570429 dotnet-runtime-8.0-8.0.26-1.el10_0.x86_64.rpm SHA-256: b7a04727009ea0accc7855ad6c0d9ca7e68a43801e2ca448fff5852897f869b0 dotnet-runtime-8.0-debuginfo-8.0.26-1.el10_0.x86_64.rpm SHA-256: ae7d6081bb8ae56821322de454147b624f51c308ba1a475e6aff6a08627247d2 dotnet-runtime-dbg-8.0-8.0.26-1.el10_0.x86_64.rpm SHA-256: e119c2d11d2328106d06f848f7334c095c7cb17344630329e2257c478400a66d dotnet-sdk-8.0-8.0.126-1.el10_0.x86_64.rpm SHA-256: 0d3c9b805e1a9920a86f97a27c2bf5acfd88eab336276e65e8c2c41fb888357d dotnet-sdk-8.0-debuginfo-8.0.126-1.el10_0.x86_64.rpm SHA-256: 00b1966e772444e0e7fea024b72efbfb6d9d37e2e77ffa51a5d78be01577972a dotnet-sdk-dbg-8.0-8.0.126-1.el10_0.x86_64.rpm SHA-256: 04f12d51a9dd81c265e25a15a129eb923af3816d8f8ed25ffbc51ca618026698 dotnet-targeting-pack-8.0-8.0.26-1.el10_0.x86_64.rpm SHA-256: 7da30c73d304e7a7d791940eed10966876c858e62abec7ac0be5ecf868c73a83 dotnet-templates-8.0-8.0.126-1.el10_0.x86_64.rpm SHA-256: 5607c175062fe81feec5b352c9e449f0dea754b3d7f91c993d067f5dce93369e dotnet8.0-debugsource-8.0.126-1.el10_0.x86_64.rpm SHA-256: 0f08274194fe853e453463fd6c0e701622c71a97e6726fc4740730c1b98e6182 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 SRPM dotnet8.0-8.0.126-1.el10_0.src.rpm SHA-256: 9601bd3f63b1cd45db5ba1680892c7ba19529a8a35cd4c67ab299c8874a0640b s390x aspnetcore-runtime-8.0-8.0.26-1.el10_0.s390x.rpm SHA-256: f7267551695b96886832caac6b4fad4e76a1d560161f6a746b2a19289d3359b0 aspnetcore-runtime-dbg-8.0-8.0.26-1.el10_0.s390x.rpm SHA-256: cb7e8d2191b27359519828f7be030d2c2f50b52213bfeafa43b306f1b03d427b aspnetcore-targeting-pack-8.0-8.0.26-1.el10_0.s390x.rpm SHA-256: 64e7e277fbaff9a900953bb9f9ec08e866b9ce65cbb2d02e9bc7776a9c5e347f dotnet-apphost-pack-8.0-8.0.26-1.el10_0.s390x.rpm SHA-256: 15488e50118159fce6c264fe157185fe77e4cab8b10bf46d4e03849ad6ca1b83 dotnet-apphost-pack-8.0-debuginfo-8.0.26-1.el10_0.s390x.rpm SHA-256: 1b4472ea08488d8e44b64bed8425ec304b09840babc33bdaca65c493e64c3647 dotnet-hostfxr-8.0-8.0.26-1.el10_0.s390x.rpm SHA-256: a721727865306964343e39b1c7740f2ed486b4063c18d440b1d0e06672254a97 dotnet-hostfxr-8.0-debuginfo-8.0.26-1.el10_0.s390x.rpm SHA-256: 53231a915898a6956204b56495bf8a0d99f04fd7bbe73c2a167f05acffaf96fd dotnet-runtime-8.0-8.0.26-1.el10_0.s390x.rpm SHA-256: ba29478d87f4e4fa693665efbd2d9141358fc010c29ab0947dc05a4c28a7d80c dotnet-runtime-8.0-debuginfo-8.0.26-1.el10_0.s390x.rpm SHA-256: ec4b653460c104411c051ca701c3fade4847064553fb86c8ddc4ee2d64e7c57a dotnet-runtime-dbg-8.0-8.0.26-1.el10_0.s390x.rpm SHA-256: b47ef6529cf0c675e983e7e3250cd0f7df03dc3e0095d90812d13008d9a1d458 dotnet-sdk-8.0-8.0.126-1.el10_0.s390x.rpm SHA-256: 35d906c22584b48f868b6e5f03fc156932b1f3d20396f5fca50bce29096eeba6 dotnet-sdk-8.0-debuginfo-8.0.126-1.el10_0.s390x.rpm SHA-256: 2832d59086d1fb763cc80039687bae1d8ae931cfa51a7574022041022708ed20 dotnet-sdk-dbg-8.0-8.0.126-1.el10_0.s390x.rpm SHA-256: 63868070ae09c275eb42f0d2bd84fa6875b69e3d43877f4cf9c0e85cd9c538d3 dotnet-targeting-pack-8.0-8.0.26-1.el10_0.s390x.rpm SHA-256: 408aab4fce2c0e6c33b4e13c4f1cf258d189d2770c17ce56a1060b6d8e976593 dotnet-templates-8.0-8.0.126-1.el10_0.s390x.rpm SHA-256: 7233db01d1e712fddb093a298ebf2f5265f6ce1d419f77d6aa55c40ac56c9d9b dotnet8.0-debugsource-8.0.126-1.el10_0.s390x.rpm SHA-256: 55e3ea6c4c2e3e7763cadc33e968c51a714ea096dfdc821fda12d226bf355eb0 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 SRPM dotnet8.0-8.0.126-1.el10_0.src.rpm SHA-256: 9601bd3f63b1cd45db5ba1680892c7ba19529a8a35cd4c67ab299c8874a0640b ppc64le aspnetcore-runtime-8.0-8.0.26-1.el10_0.ppc64le.rpm SHA-256: 6b3419da7dd059caf82201627a97e0092ff930e1a944d1b2a1e2a917164fbe24 aspnetcore-runtime-dbg-8.0-8.0.26-1.el10_0.ppc64le.rpm SHA-256: d9536349a2d01be1a55af1e3415ca2f7bea09851661a81b0cdea97c092c3f3c1 aspnetcore-targeting-pack-8.0-8.0.26-1.el10_0.ppc64le.rpm SHA-256: b08974d4334c3dfa3a68b16500c13ef7f8cec78f10a966d3d2c788b50506fb56 dotnet-apphost-pack-8.0-8.0.26-1.el10_0.ppc64le.rpm SHA-256: afc0b6776a826330f07e761ba6261f74e2d4e8dbbbb59110cbefd9c19c4e3af6 dotnet-apphost-pack-8.0-debuginfo-8.0.26-1.el10_0.ppc64le.rpm SHA-256: 1acd646b46112abeed73f3369eaafca65a6528fcbfb695993765723242b0a361 dotnet-hostfxr-8.0-8.0.26-1.el10_0.ppc64le.rpm SHA-256: ac303115902fd777906473ed75e75c335589efa6e49be7cacbdf6e203ea38f30 dotnet-hostfxr-8.0-debuginfo-8.0.26-1.el10_0.ppc64le.rpm SHA-256: 6372865dc772bdaaf13710900fb47efaafec8782bbf99fca88022bd8ed07dac9 dotnet-runtime-8.0-8.0.26-1.el10_0.ppc64le.rpm SHA-256: 7ee9748b85af04e19122eece155d8da44cc9384c39e0fd83cb97e3fc558968b9 dotnet-runtime-8.0-debuginfo-8.0.26-1.el10_0.ppc64le.rpm SHA-256: 6d5dbacef9b49701f49e330b4135ebeac25307322466468def05c872f9108073 dotnet-runtime-dbg-8.0-8.0.26-1.el10_0.ppc64le.rpm SHA-256: 9386af7dabe19aef0801d5641acf2b94e929db775225bae9d9a16b3afc68b9cb dotnet-sdk-8.0-8.0.126-1.el10_0.ppc64le.rpm SHA-256: a938b692ef7bdbb76ed3167ee806bdfb61525f2524417e2d49c08eac406b8936 dotnet-sdk-8.0-debuginfo-8.0.126-1.el10_0.ppc64le.rpm SHA-256: e65bc4ae18019ed7be4e78b764939988f891ee62c41c97cfa8b8cc4e38934733 dotnet-sdk-dbg-8.0-8.0.126-1.el10_0.ppc64le.rpm SHA-256: 991cbb41bfe4d9ace1361c90619d0d5532a2db4ee0e3e95f606fe52ac268b6ad dotnet-targeting-pack-8.0-8.0.26-1.el10_0.ppc64le.rpm SHA-256: 707d984e86cfc411225b761fd034489d3d6cdd871c423ea8b0a8e4c7fc66f9b4 dotnet-templates-8.0-8.0.126-1.el10_0.ppc64le.rpm SHA-256: 7d22fb0f5941f76d4387c1d2f726120ef3b1f42949c94635962079ded5bb5cc9 dotnet8.0-debugsource-8.0.126-1.el10_0.ppc64le.rpm SHA-256: e707428fc9cda03ac8ad1f0c2fa37ceb9ca55a29a775d422e65d642c2baf07a