Ubuntu Security Notices USN-8298-1 USN-8298-1: .NET vulnerability Publication date 25 May 2026 Overview .NET could be made to consume excessive resources if it received specially crafted network traffic. Releases 26.04 LTS 25.10 24.04 LTS 22.04 LTS Open side navigation Close side navigation Packages Details Update instructions References Packages dotnet10 - .NET CLI tools and runtime dotnet8 - .NET CLI tools and runtime dotnet9 - .NET CLI tools and runtime Details Muhammad Abdul Rehman discovered that .NET incorrectly handled certain network requests, leading to a loop with an unreachable exit condition. A remote attacker could possibly use this issue to consume excessive resources, resulting in a denial of service. Muhammad Abdul Rehman discovered that .NET incorrectly handled certain network requests, leading to a loop with an unreachable exit condition. A remote attacker could possibly use this issue to consume excessive resources, resulting in a denial of service. Update instructions In general, a standard system update will make all the necessary changes. Learn more about how to get the fixes. The problem can be corrected by updating your system to the following package versions: Ubuntu Release Package Version 26.04 LTS resolute aspnetcore-runtime-10.0 – 10.0.8-0ubuntu1~26.04.1 dotnet-host-10.0 – 10.0.8-0ubuntu1~26.04.1 dotnet-hostfxr-10.0 – 10.0.8-0ubuntu1~26.04.1 dotnet-runtime-10.0 – 10.0.8-0ubuntu1~26.04.1 dotnet-sdk-10.0 – 10.0.108-0ubuntu1~26.04.1 dotnet-sdk-aot-10.0 – 10.0.108-0ubuntu1~26.04.1 dotnet-sdk-dbg-10.0 – 10.0.108-0ubuntu1~26.04.1 dotnet10 – 10.0.108-10.0.8-0ubuntu1~26.04.1 25.10 questing aspnetcore-runtime-10.0 – 10.0.8-0ubuntu1~25.10.1 aspnetcore-runtime-8.0 – 8.0.27-0ubuntu1~25.10.1 aspnetcore-runtime-9.0 – 9.0.16-0ubuntu1~25.10.1 dotnet-host-10.0 – 10.0.8-0ubuntu1~25.10.1 dotnet-host-8.0 – 8.0.27-0ubuntu1~25.10.1 dotnet-host-9.0 – 9.0.16-0ubuntu1~25.10.1 dotnet-hostfxr-10.0 – 10.0.8-0ubuntu1~25.10.1 dotnet-hostfxr-8.0 – 8.0.27-0ubuntu1~25.10.1 dotnet-hostfxr-9.0 – 9.0.16-0ubuntu1~25.10.1 dotnet-runtime-10.0 – 10.0.8-0ubuntu1~25.10.1 dotnet-runtime-8.0 – 8.0.27-0ubuntu1~25.10.1 dotnet-runtime-9.0 – 9.0.16-0ubuntu1~25.10.1 dotnet-sdk-10.0 – 10.0.108-0ubuntu1~25.10.1 dotnet-sdk-8.0 – 8.0.127-0ubuntu1~25.10.1 dotnet-sdk-9.0 – 9.0.117-0ubuntu1~25.10.1 dotnet-sdk-aot-10.0 – 10.0.108-0ubuntu1~25.10.1 dotnet-sdk-aot-9.0 – 9.0.117-0ubuntu1~25.10.1 dotnet-sdk-dbg-10.0 – 10.0.108-0ubuntu1~25.10.1 dotnet-sdk-dbg-8.0 – 8.0.127-0ubuntu1~25.10.1 dotnet-sdk-dbg-9.0 – 9.0.117-0ubuntu1~25.10.1 dotnet10 – 10.0.108-10.0.8-0ubuntu1~25.10.1 dotnet8 – 8.0.127-8.0.27-0ubuntu1~25.10.1 dotnet9 – 9.0.117-9.0.16-0ubuntu1~25.10.1 24.04 LTS noble aspnetcore-runtime-10.0 – 10.0.8-0ubuntu1~24.04.1 aspnetcore-runtime-8.0 – 8.0.27-0ubuntu1~24.04.1 dotnet-host-10.0 – 10.0.8-0ubuntu1~24.04.1 dotnet-host-8.0 – 8.0.27-0ubuntu1~24.04.1 dotnet-hostfxr-10.0 – 10.0.8-0ubuntu1~24.04.1 dotnet-hostfxr-8.0 – 8.0.27-0ubuntu1~24.04.1 dotnet-runtime-10.0 – 10.0.8-0ubuntu1~24.04.1 dotnet-runtime-8.0 – 8.0.27-0ubuntu1~24.04.1 dotnet-sdk-10.0 – 10.0.108-0ubuntu1~24.04.1 dotnet-sdk-8.0 – 8.0.127-0ubuntu1~24.04.1 dotnet-sdk-aot-10.0 – 10.0.108-0ubuntu1~24.04.1 dotnet-sdk-dbg-10.0 – 10.0.108-0ubuntu1~24.04.1 dotnet10 – 10.0.108-10.0.8-0ubuntu1~24.04.1 dotnet8 – 8.0.127-8.0.27-0ubuntu1~24.04.1 22.04 LTS jammy aspnetcore-runtime-8.0 – 8.0.27-0ubuntu1~22.04.1 dotnet-host-8.0 – 8.0.27-0ubuntu1~22.04.1 dotnet-hostfxr-8.0 – 8.0.27-0ubuntu1~22.04.1 dotnet-runtime-8.0 – 8.0.27-0ubuntu1~22.04.1 dotnet-sdk-8.0 – 8.0.127-0ubuntu1~22.04.1 dotnet8 – 8.0.127-8.0.27-0ubuntu1~22.04.1 Reduce your security exposure Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines. Get Ubuntu Pro References CVE-2026-42899 CVE-2026-42899