Security News

Cybersecurity news aggregator

🔄
HIGH Updates Red Hat Errata

RHSA-2026:13282: Important: .NET 9.0 security update

cve-2026-1234redhatsoftware-updatecve-2026-26171cve-2026-32203
Red Hat has issued an Important security advisory (RHSA-2026:13282) for .NET 9.0 on RHEL 9.6 EUS, addressing multiple vulnerabilities including a security bypass, denial of service via stack overflow and infinite recursion, and SMTP command injection via MailAddress parsing. The CVSS base score for the listed CVEs is 7.5 (High). The update provides fixed versions .NET SDK 9.0.116 and .NET Runtime 9.0.15 to remediate these issues.
Read Full Article →

Red Hat Product Errata RHSA-2026:13282 - Security Advisory Issued: 2026-05-04 Updated: 2026-05-04 RHSA-2026:13282 - Security Advisory Overview Updated Packages Synopsis Important: .NET 9.0 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for .NET 9.0 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.116 and .NET Runtime 9.0.15.Security Fix(es): dotnet: .NET: Security Bypass and Denial of Service Vulnerability (CVE-2026-26171) dotnet: .NET: Denial of Service via stack overflow (CVE-2026-32203) dotnet: .NET: Denial of Service via Infinite Recursion in XmlDecryptionTransform (CVE-2026-33116) dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw (CVE-2026-32178) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64 Red Hat Enterprise Linux Server - AUS 9.6 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.6 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.6 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x Fixes BZ - 2457739 - CVE-2026-26171 dotnet: .NET: Security Bypass and Denial of Service Vulnerability BZ - 2457740 - CVE-2026-32203 dotnet: .NET: Denial of Service via stack overflow BZ - 2457741 - CVE-2026-33116 dotnet: .NET: Denial of Service via Infinite Recursion in XmlDecryptionTransform BZ - 2457781 - CVE-2026-32178 dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw CVEs CVE-2026-26171 CVE-2026-32178 CVE-2026-32203 CVE-2026-33116 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 SRPM dotnet9.0-9.0.116-1.el9_6.src.rpm SHA-256: 264533784ccfb8b38465538b113181c534e301109c954dfeb521f5b80f5f5949 x86_64 aspnetcore-runtime-9.0-9.0.15-1.el9_6.x86_64.rpm SHA-256: edff51ae5ded8ddecf139c412f84f5bd4579175a9dd405f48c9473153dc0f170 aspnetcore-runtime-dbg-9.0-9.0.15-1.el9_6.x86_64.rpm SHA-256: ecbc90d70dab6f839d27e0d044dd917b1cd2c8a485294d54f284708dbec431e2 aspnetcore-targeting-pack-9.0-9.0.15-1.el9_6.x86_64.rpm SHA-256: d8004cf9257a85762fae6fd7d8b037773deec876bbf994781fe39b97f2ac37c3 dotnet-apphost-pack-9.0-9.0.15-1.el9_6.x86_64.rpm SHA-256: 33d134fffb441e0638467320fd2b5ef7a48638a67c54fa6056704f00c8bcfb53 dotnet-apphost-pack-9.0-debuginfo-9.0.15-1.el9_6.x86_64.rpm SHA-256: b7c4c33ec43735c1614498dce8788f227c5c5fcbc7064d41ecc7c9b5aa388c15 dotnet-host-9.0.15-1.el9_6.x86_64.rpm SHA-256: e8085c4bc520d2ae00a930b02fcd3d1b72e1e21b05fd6fb19f2f2c2f60a33daf dotnet-host-debuginfo-9.0.15-1.el9_6.x86_64.rpm SHA-256: 3797b691e6f14e87fc81d45a61a1492cd02b6b5540a9049e337dfdcbb0476482 dotnet-hostfxr-9.0-9.0.15-1.el9_6.x86_64.rpm SHA-256: 012c8375f0d6fd8734f0e4df14aa6c1b3078172a62c38a39e357e0d2f98959b5 dotnet-hostfxr-9.0-debuginfo-9.0.15-1.el9_6.x86_64.rpm SHA-256: 7a26cdbcdcb93e4c82d5c2355705c8ea632f8fcecddfd0eeaf085c509a9b93b0 dotnet-runtime-9.0-9.0.15-1.el9_6.x86_64.rpm SHA-256: cb7db0dae2c521f3098640df5d2951a8320b17f0a767a6f1ada30faf700b048b dotnet-runtime-9.0-debuginfo-9.0.15-1.el9_6.x86_64.rpm SHA-256: e3fbdccd689566bd476482064796031b4f3e25dc99f047db856894b43d7fdcf5 dotnet-runtime-dbg-9.0-9.0.15-1.el9_6.x86_64.rpm SHA-256: 9bc3c0331114d62ef948bfe4dd985f5a4e359348800a6973153c9adcbf31832c dotnet-sdk-9.0-9.0.116-1.el9_6.x86_64.rpm SHA-256: b1022f69470dc73b0b747752c6d2bdca6123f32007e070480b1a570bb8e99f92 dotnet-sdk-9.0-debuginfo-9.0.116-1.el9_6.x86_64.rpm SHA-256: 202f101c4d7c517aa46db3611c0073ad52d908edb12c4b7698b22445009b7354 dotnet-sdk-aot-9.0-9.0.116-1.el9_6.x86_64.rpm SHA-256: 89a8d263f95b1984b3bcc7a874940695ac4421183ff7b89af35dea2b507e341a dotnet-sdk-aot-9.0-debuginfo-9.0.116-1.el9_6.x86_64.rpm SHA-256: e5afaf1c5dba359defa8933e17a7ca3c54cbcd869c866328dd095db44c21cd45 dotnet-sdk-dbg-9.0-9.0.116-1.el9_6.x86_64.rpm SHA-256: fd7c78415bbbf3b3367a8c4b9c6380460273f9b805736773de14bc2c85a79925 dotnet-targeting-pack-9.0-9.0.15-1.el9_6.x86_64.rpm SHA-256: b65d7091ea95d625af92346317f089f5a2067142864d14ef801f2c75acf5af04 dotnet-templates-9.0-9.0.116-1.el9_6.x86_64.rpm SHA-256: 2a3bda471b4eefd05b25d6e7baca4077acc83631a304aef633aaa4634d87dbb1 dotnet9.0-debuginfo-9.0.116-1.el9_6.x86_64.rpm SHA-256: 21a6b80f9fb4d3198d7d6e8e097193533202fa2b847e1eb22d1bf6f4a95e3612 dotnet9.0-debugsource-9.0.116-1.el9_6.x86_64.rpm SHA-256: e290e852a302c2f312feb449a87271bf6a0797908105168f769a809561d81218 netstandard-targeting-pack-2.1-9.0.116-1.el9_6.x86_64.rpm SHA-256: e79f76dc50471f21e71d70b52ad7d82898f749270228708d393d822ec096a980 Red Hat Enterprise Linux Server - AUS 9.6 SRPM dotnet9.0-9.0.116-1.el9_6.src.rpm SHA-256: 264533784ccfb8b38465538b113181c534e301109c954dfeb521f5b80f5f5949 x86_64 aspnetcore-runtime-9.0-9.0.15-1.el9_6.x86_64.rpm SHA-256: edff51ae5ded8ddecf139c412f84f5bd4579175a9dd405f48c9473153dc0f170 aspnetcore-runtime-dbg-9.0-9.0.15-1.el9_6.x86_64.rpm SHA-256: ecbc90d70dab6f839d27e0d044dd917b1cd2c8a485294d54f284708dbec431e2 aspnetcore-targeting-pack-9.0-9.0.15-1.el9_6.x86_64.rpm SHA-256: d8004cf9257a85762fae6fd7d8b037773deec876bbf994781fe39b97f2ac37c3 dotnet-apphost-pack-9.0-9.0.15-1.el9_6.x86_64.rpm SHA-256: 33d134fffb441e0638467320fd2b5ef7a48638a67c54fa6056704f00c8bcfb53 dotnet-apphost-pack-9.0-debuginfo-9.0.15-1.el9_6.x86_64.rpm SHA-256: b7c4c33ec43735c1614498dce8788f227c5c5fcbc7064d41ecc7c9b5aa388c15 dotnet-host-9.0.15-1.el9_6.x86_64.rpm SHA-256: e8085c4bc520d2ae00a930b02fcd3d1b72e1e21b05fd6fb19f2f2c2f60a33daf dotnet-host-debuginfo-9.0.15-1.el9_6.x86_64.rpm SHA-256: 3797b691e6f14e87fc81d45a61a1492cd02b6b5540a9049e337dfdcbb0476482 dotnet-hostfxr-9.0-9.0.15-1.el9_6.x86_64.rpm SHA-256: 012c8375f0d6fd8734f0e4df14aa6c1b3078172a62c38a39e357e0d2f98959b5 dotnet-hostfxr-9.0-debuginfo-9.0.15-1.el9_6.x86_64.rpm SHA-256: 7a26cdbcdcb93e4c82d5c2355705c8ea632f8fcecddfd0eeaf085c509a9b93b0 dotnet-runtime-9.0-9.0.15-1.el9_6.x86_64.rpm SHA-256: cb7db0dae2c521f3098640df5d2951a8320b17f0a767a6f1ada30faf700b048b dotnet-runtime-9.0-debuginfo-9.0.15-1.el9_6.x86_64.rpm SHA-256: e3fbdccd689566bd476482064796031b4f3e25dc99f047db856894b43d7fdcf5 dotnet-runtime-dbg-9.0-9.0.15-1.el9_6.x86_64.rpm SHA-256: 9bc3c0331114d62ef948bfe4dd985f5a4e359348800a6973153c9adcbf31832c dotnet-sdk-9.0-9.0.116-1.el9_6.x86_64.rpm SHA-256: b1022f69470dc73b0b747752c6d2bdca6123f32007e070480b1a570bb8e99f92 dotnet-sdk-9.0-debuginfo-9.0.116-1.el9_6.x86_64.rpm SHA-256: 202f101c4d7c517aa46db3611c0073ad52d908edb12c4b7698b22445009b7354 dotnet-sdk-aot-9.0-9.0.116-1.el9_6.x86_64.rpm SHA-256: 89a8d263f95b1984b3bcc7a874940695ac4421183ff7b89af35dea2b507e341a dotnet-sdk-aot-9.0-debuginfo-9.0.116-1.el9_6.x86_64.rpm SHA-256: e5afaf1c5dba359defa8933e17a7ca3c54cbcd869c866328dd095db44c21cd45 dotnet-sdk-dbg-9.0-9.0.116-1.el9_6.x86_64.rpm SHA-256: fd7c78415bbbf3b3367a8c4b9c6380460273f9b805736773de14bc2c85a79925 dotnet-targeting-pack-9.0-9.0.15-1.el9_6.x86_64.rpm SHA-256: b65d7091ea95d625af92346317f089f5a2067142864d14ef801f2c75acf5af04 dotnet-templates-9.0-9.0.116-1.el9_6.x86_64.rpm SHA-256: 2a3bda471b4eefd05b25d6e7baca4077acc83631a304aef633aaa4634d87dbb1 dotnet9.0-debuginfo-9.0.116-1.el9_6.x86_64.rpm SHA-256: 21a6b80f9fb4d3198d7d6e8e097193533202fa2b847e1eb22d1bf6f4a95e3612 dotnet9.0-debugsource-9.0.116-1.el9_6.x86_64.rpm SHA-256: e290e852a302c2f312feb449a87271bf6a0797908105168f769a809561d81218 netstandard-targeting-pack-2.1-9.0.116-1.el9_6.x86_64.rpm SHA-256: e79f76dc50471f21e71d70b52ad7d82898f749270228708d393d822ec096a980 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 SRPM dotnet9.0-9.0.116-1.el9_6.src.rpm SHA-256: 264533784ccfb8b38465538b113181c534e301109c954dfeb521f5b80f5f5949 s390x aspnetcore-runtime-9.0-9.0.15-1.el9_6.s390x.rpm SHA-256: bc3f4e728e2fd0cfdb106c730650062c6241149ce57ed51736294b444d9dceb1 aspnetcore-runtime-dbg-9.0-9.0.15-1.el9_6.s390x.rpm SHA-256: a337406cf53460b4a33909a3c1d56d12038dfda63c1c26ca6cf0f70d05ab2bae

Related Articles

CRITICAL Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days BleepingComputer HIGH NCSC-2026-0114 [1.00] [M/H] Kwetsbaarheden verholpen in Microsoft Developer tools NCSC Netherlands CRITICAL Patch Tuesday - April 2026 Rapid7 Research HIGH Multiples vulnérabilités dans Microsoft .Net (15 avril 2026) CERT-FR (ANSSI)
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn