Red Hat Product Errata RHSA-2026:13693 - Security Advisory Issued: 2026-05-05 Updated: 2026-05-05 RHSA-2026:13693 - Security Advisory Overview Updated Packages Synopsis Important: .NET 8.0 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for .NET 8.0 is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.126 and .NET Runtime 8.0.26.Security Fix(es): dotnet: .NET: Security Bypass and Denial of Service Vulnerability (CVE-2026-26171) dotnet: .NET: Denial of Service via stack overflow (CVE-2026-32203) dotnet: .NET: Denial of Service via Infinite Recursion in XmlDecryptionTransform (CVE-2026-33116) dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw (CVE-2026-32178) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64 Red Hat Enterprise Linux Server - AUS 9.4 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.4 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.4 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.4 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.4 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x Fixes BZ - 2457739 - CVE-2026-26171 dotnet: .NET: Security Bypass and Denial of Service Vulnerability BZ - 2457740 - CVE-2026-32203 dotnet: .NET: Denial of Service via stack overflow BZ - 2457741 - CVE-2026-33116 dotnet: .NET: Denial of Service via Infinite Recursion in XmlDecryptionTransform BZ - 2457781 - CVE-2026-32178 dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw CVEs CVE-2026-26171 CVE-2026-32178 CVE-2026-32203 CVE-2026-33116 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 SRPM dotnet8.0-8.0.126-1.el9_4.src.rpm SHA-256: 9d15c11b5b4e7f433b94e3cc7364eacc4b2540437c42328efd0c33822168ae37 x86_64 aspnetcore-runtime-8.0-8.0.26-1.el9_4.x86_64.rpm SHA-256: 703d03ebaa920bf077ac6e5ff612b9b8ede697343e4200d30ef478904c78f250 aspnetcore-runtime-dbg-8.0-8.0.26-1.el9_4.x86_64.rpm SHA-256: 41407dad36a8d3baa09f5bfd1fbed131c303eeb086b9b1d2c02810b49248fcf1 aspnetcore-targeting-pack-8.0-8.0.26-1.el9_4.x86_64.rpm SHA-256: 6445c8559162c6df57bde89c73a3ee34cc0471db1459d8b423b06b3a8dfa9a09 dotnet-apphost-pack-8.0-8.0.26-1.el9_4.x86_64.rpm SHA-256: 74d2874f7dfea0816fe03e8392e9f8ec24f95b8bc75efda065c46e8566c9d406 dotnet-apphost-pack-8.0-debuginfo-8.0.26-1.el9_4.x86_64.rpm SHA-256: 1f7ac541e39b1b39181ad32536155ce155b11f30345337862f983d435aa1d2ff dotnet-host-8.0.26-1.el9_4.x86_64.rpm SHA-256: 877ba6258f4e4b9a235f6a302b2f9388b9ea161733a51ca3018f31c28ee7bbf1 dotnet-host-debuginfo-8.0.26-1.el9_4.x86_64.rpm SHA-256: 145f46d446d0a655e0402479bb15b93b21dbc98fbe0975ca9302688b2d78d013 dotnet-hostfxr-8.0-8.0.26-1.el9_4.x86_64.rpm SHA-256: 0f46cc7bdf19fdc71a610cb983bb186ebf824b0bc54dbb5897962b047b378a8f dotnet-hostfxr-8.0-debuginfo-8.0.26-1.el9_4.x86_64.rpm SHA-256: 6f7ff5a10532a87e2da1338c6c9f7c7ef14d9602693a44e76a4e56f07c1a1638 dotnet-runtime-8.0-8.0.26-1.el9_4.x86_64.rpm SHA-256: 3b2c01a19594cbcf27580c73c52fa6b33e3cdb39e17201c54c97af1ff63a0077 dotnet-runtime-8.0-debuginfo-8.0.26-1.el9_4.x86_64.rpm SHA-256: 64649a5cc1bceb14e1123c7dae59e36e072203763b4dc52b380e3fcef1241224 dotnet-runtime-dbg-8.0-8.0.26-1.el9_4.x86_64.rpm SHA-256: 0e0a960649b4309c56d70aca7048e2287cdcd74803152cdcf9b644d72ef1851a dotnet-sdk-8.0-8.0.126-1.el9_4.x86_64.rpm SHA-256: 27693bc163318953969cad4ac8668c392411d6b3d4fd41fe8ff9d25d6bc28e4c dotnet-sdk-8.0-debuginfo-8.0.126-1.el9_4.x86_64.rpm SHA-256: c91020b372ed2f10da75304714e713741039eb569ff7d0c55989d219f333fda6 dotnet-sdk-dbg-8.0-8.0.126-1.el9_4.x86_64.rpm SHA-256: 2bf5abaa76962f573574a45df66dcae30136a220fece50474ea672993a3290bb dotnet-targeting-pack-8.0-8.0.26-1.el9_4.x86_64.rpm SHA-256: 9684382af808e07e332bb56b38418f83eabe8c7143f3186be5c7afcf693b2269 dotnet-templates-8.0-8.0.126-1.el9_4.x86_64.rpm SHA-256: 37ca0acd7ea9364316fa3b7c7497e79188e70ef44aa0aac0a548e4709747b891 dotnet8.0-debuginfo-8.0.126-1.el9_4.x86_64.rpm SHA-256: cd27cdb1175665fa0aa43e85675ebf27d19f8c5476514d368a30f94829fbbf1a dotnet8.0-debugsource-8.0.126-1.el9_4.x86_64.rpm SHA-256: c418a1f4c27e82153d2a2c6184533a46e413563071ae7a49458796d79a55f1a3 netstandard-targeting-pack-2.1-8.0.126-1.el9_4.x86_64.rpm SHA-256: 542cc45584b8e647aa07090ee83419878208f4d339565fa647e9baed76c6cdae Red Hat Enterprise Linux Server - AUS 9.4 SRPM dotnet8.0-8.0.126-1.el9_4.src.rpm SHA-256: 9d15c11b5b4e7f433b94e3cc7364eacc4b2540437c42328efd0c33822168ae37 x86_64 aspnetcore-runtime-8.0-8.0.26-1.el9_4.x86_64.rpm SHA-256: 703d03ebaa920bf077ac6e5ff612b9b8ede697343e4200d30ef478904c78f250 aspnetcore-runtime-dbg-8.0-8.0.26-1.el9_4.x86_64.rpm SHA-256: 41407dad36a8d3baa09f5bfd1fbed131c303eeb086b9b1d2c02810b49248fcf1 aspnetcore-targeting-pack-8.0-8.0.26-1.el9_4.x86_64.rpm SHA-256: 6445c8559162c6df57bde89c73a3ee34cc0471db1459d8b423b06b3a8dfa9a09 dotnet-apphost-pack-8.0-8.0.26-1.el9_4.x86_64.rpm SHA-256: 74d2874f7dfea0816fe03e8392e9f8ec24f95b8bc75efda065c46e8566c9d406 dotnet-apphost-pack-8.0-debuginfo-8.0.26-1.el9_4.x86_64.rpm SHA-256: 1f7ac541e39b1b39181ad32536155ce155b11f30345337862f983d435aa1d2ff dotnet-host-8.0.26-1.el9_4.x86_64.rpm SHA-256: 877ba6258f4e4b9a235f6a302b2f9388b9ea161733a51ca3018f31c28ee7bbf1 dotnet-host-debuginfo-8.0.26-1.el9_4.x86_64.rpm SHA-256: 145f46d446d0a655e0402479bb15b93b21dbc98fbe0975ca9302688b2d78d013 dotnet-hostfxr-8.0-8.0.26-1.el9_4.x86_64.rpm SHA-256: 0f46cc7bdf19fdc71a610cb983bb186ebf824b0bc54dbb5897962b047b378a8f dotnet-hostfxr-8.0-debuginfo-8.0.26-1.el9_4.x86_64.rpm SHA-256: 6f7ff5a10532a87e2da1338c6c9f7c7ef14d9602693a44e76a4e56f07c1a1638 dotnet-runtime-8.0-8.0.26-1.el9_4.x86_64.rpm SHA-256: 3b2c01a19594cbcf27580c73c52fa6b33e3cdb39e17201c54c97af1ff63a0077 dotnet-runtime-8.0-debuginfo-8.0.26-1.el9_4.x86_64.rpm SHA-256: 64649a5cc1bceb14e1123c7dae59e36e072203763b4dc52b380e3fcef1241224 dotnet-runtime-dbg-8.0-8.0.26-1.el9_4.x86_64.rpm SHA-256: 0e0a960649b4309c56d70aca7048e2287cdcd74803152cdcf9b644d72ef1851a dotnet-sdk-8.0-8.0.126-1.el9_4.x86_64.rpm SHA-256: 27693bc163318953969cad4ac8668c392411d6b3d4fd41fe8ff9d25d6bc28e4c dotnet-sdk-8.0-debuginfo-8.0.126-1.el9_4.x86_64.rpm SHA-256: c91020b372ed2f10da75304714e713741039eb569ff7d0c55989d219f333fda6 dotnet-sdk-dbg-8.0-8.0.126-1.el9_4.x86_64.rpm SHA-256: 2bf5abaa76962f573574a45df66dcae30136a220fece50474ea672993a3290bb dotnet-targeting-pack-8.0-8.0.26-1.el9_4.x86_64.rpm SHA-256: 9684382af808e07e332bb56b38418f83eabe8c7143f3186be5c7afcf693b2269 dotnet-templates-8.0-8.0.126-1.el9_4.x86_64.rpm SHA-256: 37ca0acd7ea9364316fa3b7c7497e79188e70ef44aa0aac0a548e4709747b891 dotnet8.0-debuginfo-8.0.126-1.el9_4.x86_64.rpm SHA-256: cd27cdb1175665fa0aa43e85675ebf27d19f8c5476514d368a30f94829fbbf1a dotnet8.0-debugsource-8.0.126-1.el9_4.x86_64.rpm SHA-256: c418a1f4c27e82153d2a2c6184533a46e413563071ae7a49458796d79a55f1a3 netstandard-targeting-pack-2.1-8.0.126-1.el9_4.x86_64.rpm SHA-256: 542cc45584b8e647aa07090ee83419878208f4d339565fa647e9baed76c6cdae Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 SRPM dotnet8.0-8.0.126-1.el9_4.src.rpm SHA-256: 9d15c11b5b4e7f433b94e3cc7364eacc4b2540437c42328efd0c33822168ae37 s390x aspnetcore-runtime-8.0-8.0.26-1.el9_4.s390x.rpm SHA-256: 54b3ba4d60ad21c5137b830346775438f0417c1eb294ea6d22404f9d0b01c5ca aspnetcore-runtime-dbg-8.0-8.0.26-1.el9_4.s390x.rpm SHA-256: 5da607c56829a704034cfc9966842901e7bc45772448e687d77d77dfb1e2a358 aspnetcore-targeting-pack-8.0-8.0.26-1.el9_4.s390x.rpm SHA-256: 0a7b3175b30b8d4205443133896fac4143d6e4737d08caf7b68f619adf0a73f8 dotnet-apphost-pack-8.0-8.0.26-1.el9_4.s390x.rpm SHA-256: a7a0bf772adb7bd7dfd79975d6606352506a11b67081c34fa74387f3bb78c5ed dotnet-apphost-pack-8.0-debuginfo-8.0.26-1.el9_4.s390x.rpm SHA-256: 7187bbf9f2c601c259a5a956d4410b1eebbe7c168ec7ebc3e6df78cc84d91d22 dotnet-host-8.0.26-1.el9_4.s390x.rpm SHA-256: 240b8053381ed147ce60ebc8c02b660aabb54ad678b26299754c3809225