Red Hat Product Errata RHSA-2026:21295 - Security Advisory Issued: 2026-05-27 Updated: 2026-05-27 RHSA-2026:21295 - Security Advisory Overview Updated Packages Synopsis Important: .NET 10.0 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for .NET 10.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 10.0.108 and .NET Runtime 10.0.8.Security Fix(es): dotnet: .NET: infinite loop allows an attacker to cause a denial of service (CVE-2026-42899) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 8 x86_64 Red Hat Enterprise Linux for IBM z Systems 8 s390x Red Hat Enterprise Linux for Power, little endian 8 ppc64le Red Hat Enterprise Linux for ARM 64 8 aarch64 Red Hat CodeReady Linux Builder for x86_64 8 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le Red Hat CodeReady Linux Builder for ARM 64 8 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x Fixes BZ - 2476605 - CVE-2026-42899 dotnet: .NET: infinite loop allows an attacker to cause a denial of service CVEs CVE-2026-42899 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 8 SRPM dotnet10.0-10.0.108-1.el8_10.src.rpm SHA-256: b0a6cb566a141c2007930b1395f5ab5a130c87befb64a5207b538e8514b8f5fc x86_64 aspnetcore-runtime-10.0-10.0.8-1.el8_10.x86_64.rpm SHA-256: 670b71c7f1b72964bab8a200dae85ebbfb363344b26a0d784fd1b83efd30904b aspnetcore-runtime-dbg-10.0-10.0.8-1.el8_10.x86_64.rpm SHA-256: a4b6fd345fbcaf4fdeb3751e4d4f5af3c4a24e3e3fca406ecd8f6cc0576aa59e aspnetcore-targeting-pack-10.0-10.0.8-1.el8_10.x86_64.rpm SHA-256: 154229d906a9dd20efb70d3f47a9a742a427440eba57992779639bc50f494c73 dotnet-10.0.108-1.el8_10.x86_64.rpm SHA-256: 3aa6c40d0c077121b819c070a7a40799c6004970e526a28745a6bedb8abc85ee dotnet-apphost-pack-10.0-10.0.8-1.el8_10.x86_64.rpm SHA-256: 8ac9315812100ec98b71b5829952042dd38b4b328a2d85c7b7b8a7655457fc34 dotnet-apphost-pack-10.0-debuginfo-10.0.8-1.el8_10.x86_64.rpm SHA-256: 709b575fbc435e98e3002d12c5c57ad1e28417e44661f1aaf04a16d579f15a09 dotnet-host-10.0.8-1.el8_10.x86_64.rpm SHA-256: 7a5f8ef0cc9cd683342164abfa23ce6e5c854b45965d41545941869a55bf46e7 dotnet-host-debuginfo-10.0.8-1.el8_10.x86_64.rpm SHA-256: 443fab501f8cc95a8d4ebcff26e75fa1f2e58972f294544f17d5076734d53dfa dotnet-hostfxr-10.0-10.0.8-1.el8_10.x86_64.rpm SHA-256: 9c6a7effc6f13d16a521c59dba5ebf1410f495d8c0269dc08810e2e5d3e77329 dotnet-hostfxr-10.0-debuginfo-10.0.8-1.el8_10.x86_64.rpm SHA-256: 59d9a676598b7011ae2858ac433c3329278aa1c91a0e51723b0433e705f5fe16 dotnet-runtime-10.0-10.0.8-1.el8_10.x86_64.rpm SHA-256: f3a22bded4077e4fdd38b00da4d6d5366363ed47bb70958f046a287dcce67966 dotnet-runtime-10.0-debuginfo-10.0.8-1.el8_10.x86_64.rpm SHA-256: a483bd4b1cf2471766ae322c242eed11c5899495daaaac3b57b08dcf1cad0d4d dotnet-runtime-dbg-10.0-10.0.8-1.el8_10.x86_64.rpm SHA-256: e48272b779db2135791363f75ce63c095f447484fde374fb69629819631d65ad dotnet-sdk-10.0-10.0.108-1.el8_10.x86_64.rpm SHA-256: 60e5d0e680506ae5c37a72aa4435b61da6f8cafb7385d6e83bb9a5efa20557a9 dotnet-sdk-10.0-debuginfo-10.0.108-1.el8_10.x86_64.rpm SHA-256: 1bc6bacd1739069674c7cb2ed187fdd1d9e17c98d2776ba83bd0bee54affa0dc dotnet-sdk-aot-10.0-10.0.108-1.el8_10.x86_64.rpm SHA-256: f193524abeb9c80d65d5633c84c19b8e04fbd613474f665207bc4a503b18d588 dotnet-sdk-aot-10.0-debuginfo-10.0.108-1.el8_10.x86_64.rpm SHA-256: 9efd969a93791a922543d105b87dd837c68c3fcb07afa01261227f34a40e943d dotnet-sdk-dbg-10.0-10.0.108-1.el8_10.x86_64.rpm SHA-256: e2526f3d9e3b1c88b75c72d5206a1f7b5f8f1f06be0c17a32aa2e689f193ea09 dotnet-targeting-pack-10.0-10.0.8-1.el8_10.x86_64.rpm SHA-256: f3f2216801dbaed3c852f3dc8ef021b235053c9339e8f64449ae100fd107b061 dotnet-templates-10.0-10.0.108-1.el8_10.x86_64.rpm SHA-256: 8ad9166f289417931a5fbff2f3d36796007b3a781500da52413fe0896ce20ec6 dotnet10.0-debuginfo-10.0.108-1.el8_10.x86_64.rpm SHA-256: 7720a6253bb32d76041e5b4560e3699e04f1690c9f8e4f27c9bfeed9c43d5a24 dotnet10.0-debugsource-10.0.108-1.el8_10.x86_64.rpm SHA-256: 1e74cac1280d1395cd585e61c4425020485639a49b5b3c51cfb6cc47ff8cd00b Red Hat Enterprise Linux for IBM z Systems 8 SRPM dotnet10.0-10.0.108-1.el8_10.src.rpm SHA-256: b0a6cb566a141c2007930b1395f5ab5a130c87befb64a5207b538e8514b8f5fc s390x aspnetcore-runtime-10.0-10.0.8-1.el8_10.s390x.rpm SHA-256: e04eefa260c03995a60fed7b8fc6d96dc0baff949f9ef4cff7a217f4c84a6ad3 aspnetcore-runtime-dbg-10.0-10.0.8-1.el8_10.s390x.rpm SHA-256: 47d3ae7b4b7954271b3f93b823a399ca2e715b83578f531b3d8fc2619a68142c aspnetcore-targeting-pack-10.0-10.0.8-1.el8_10.s390x.rpm SHA-256: 5d8caf8883737dbe41b7996529f8f7f6bb88fe3b328caa7c43ec71be5c99a225 dotnet-10.0.108-1.el8_10.s390x.rpm SHA-256: c7d5050c81edd7e9d55a8bdf4061d96ddcd98239ec8959ff1b29c50f7bd28343 dotnet-apphost-pack-10.0-10.0.8-1.el8_10.s390x.rpm SHA-256: 28935ce3659f43c491d1230a4c133c6845e5e16e6a08c0651499f55c21a5ebb9 dotnet-apphost-pack-10.0-debuginfo-10.0.8-1.el8_10.s390x.rpm SHA-256: d85e78229c5900cf8f9fa8bb66ed45eed7b9172ad904716d07b5ea547f9ef69c dotnet-host-10.0.8-1.el8_10.s390x.rpm SHA-256: f1a3fe9036cc1a13eac367b3937931297345af9a67ae82676fea0ee32f2d5e92 dotnet-host-debuginfo-10.0.8-1.el8_10.s390x.rpm SHA-256: 9ed459a47cd67e72e8b93e6a505ea18c3122ab4728ff12f2f14b444cab7895b3 dotnet-hostfxr-10.0-10.0.8-1.el8_10.s390x.rpm SHA-256: 820e27f356c3147efa26cc05d97e7c542c105eafb2e54b3555a35d6e396d45f5 dotnet-hostfxr-10.0-debuginfo-10.0.8-1.el8_10.s390x.rpm SHA-256: aa0d1fa031df152d9a21e390c648cd35af89f12c6780de458d480684993526c6 dotnet-runtime-10.0-10.0.8-1.el8_10.s390x.rpm SHA-256: 5558ce001a84a33858450120d0cd4b235f8a6e3312b520feacc4debf617025d7 dotnet-runtime-10.0-debuginfo-10.0.8-1.el8_10.s390x.rpm SHA-256: 931b77c3ce3c3ccba608296b425a668a6599072d9cef18702fee5cac41d6b57e dotnet-runtime-dbg-10.0-10.0.8-1.el8_10.s390x.rpm SHA-256: 28fd7a9ce048976841fc53b8f641092c4f713f6f5fab4c08c7325e722b998a02 dotnet-sdk-10.0-10.0.108-1.el8_10.s390x.rpm SHA-256: 9ce2e65facbcaa0319c589e30afd3dd6bf3691e1892616ce34264833d6a0d613 dotnet-sdk-10.0-debuginfo-10.0.108-1.el8_10.s390x.rpm SHA-256: 5f618261e0608df5daa52b59c60559e4657bc63f9da658bd201e5baef2be116c dotnet-sdk-dbg-10.0-10.0.108-1.el8_10.s390x.rpm SHA-256: 45f7b9dafd52015301e62cb0d9820755f1b7a0d868d5dce1e5dc4ca84ce9b6ee dotnet-targeting-pack-10.0-10.0.8-1.el8_10.s390x.rpm SHA-256: 1e5e8a269ba5e0f02dfbafab4c76eeb04b78976bab014439fcb4660f57e06fb8 dotnet-templates-10.0-10.0.108-1.el8_10.s390x.rpm SHA-256: 7bec9a4c00ea3a8cf56f7d4576899ad0507fdb9bf7e01cdc565265b7acf06514 dotnet10.0-debuginfo-10.0.108-1.el8_10.s390x.rpm SHA-256: 23b62a88e8014727416dde1b1873079a4204413d42732f09633da9ee27d525c1 dotnet10.0-debugsource-10.0.108-1.el8_10.s390x.rpm SHA-256: 3eef700ce8e1e89b8489f63ae7fc6c54e716bc22a6968c2f898236b0652f94d7 Red Hat Enterprise Linux for Power, little endian 8 SRPM dotnet10.0-10.0.108-1.el8_10.src.rpm SHA-256: b0a6cb566a141c2007930b1395f5ab5a130c87befb64a5207b538e8514b8f5fc ppc64le aspnetcore-runtime-10.0-10.0.8-1.el8_10.ppc64le.rpm SHA-256: 0550b860da6bc8e14993b3aeb719b224de9140a20bc8f8f2759c726e541743a1 aspnetcore-runtime-dbg-10.0-10.0.8-1.el8_10.ppc64le.rpm SHA-256: 78b40b2169b6d83a09101f7df367f5a2364f78b1af57d3ee099959825e3d95b2 aspnetcore-targeting-pack-10.0-10.0.8-1.el8_10.ppc64le.rpm SHA-256: 9252273ada95381d33d634d73d0ee204114b193afe8346ebf07061c6dfcb4b05 dotnet-10.0.108-1.el8_10.ppc64le.rpm SHA-256: 80a40c3af8aefbfe4877091d0a112c4a8d19529bbf110e5dcf3d13abde8b6341 dotnet-apphost-pack-10.0-10.0.8-1.el8_10.ppc64le.rpm SHA-256: f79fede376675a9802d58ba634a9bb7003c3637bc7426cef419a138937627fc6 dotnet-apphost-pack-10.0-debuginfo-10.0.8-1.el8_10.ppc64le.rpm SHA-256: 5f22e26a0f5292a25d0b4b1fa300abaa322c58340d48f919ad1ac898aa277f28 dotnet-host-10.0.8-1.el8_10.ppc64le.rpm SHA-256: cc55bcb1954749f89d18f4e9e9056797a7083a87660c60017d5e4042211081bc dotnet-host-debuginfo-10.0.8-1.el8_10.ppc64le.rpm SHA-256: ba387df1cb3a30b62f697ac9a75b13248917472b9093c6c90a20edd590cbc2fb dotnet-hostfxr-10.0-10.0.8-1.el8_10.ppc64le.rpm SHA-256: b20aa4ba09172814febd7ccfd02bf5e6dbe220937f5621b45bf5cadc79d7cca6 dotnet-hostfxr-10.0-debuginfo-10.0.8-1.el8_10.ppc64le.rpm SHA-256: eaa32a66338faade878af1d7681c024eaac657518480ccc372d1a69b015956f5 dotnet-runtime-10.0-10.0.8-1.el8_10.ppc64le.rpm SHA-256: 3a7ca16bee17a0b6118bd0436022d82fa1484e4e93118cee076f576b90b0b7a1 dotnet-runtime-10.0-debuginfo-10.0.8-1.el8_10.ppc64le.rpm SHA-256: 25ae39a827729f4f0715a9c4eb1a9b2dd48a1e2bb24b531775fe055ec135d035 dotnet-runtime-dbg-10.0-10.0.8-1.el8_10.ppc64le.rpm SHA-256: 727471f7ea65b48365f40e6b52d1667360b6434b2e5e423b10095893114b9e47 dotnet-sdk-10.0-10.0.108-1.el8_10.ppc64le.rpm SHA-256: c1d032915349498fa6376d541c5be6063704