Red Hat Product Errata RHSA-2026:21294 - Security Advisory Issued: 2026-05-27 Updated: 2026-05-27 RHSA-2026:21294 - Security Advisory Overview Updated Packages Synopsis Important: .NET 9.0 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for .NET 9.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.117 and .NET Runtime 9.0.16.Security Fix(es): dotnet: .NET: infinite loop allows an attacker to cause a denial of service (CVE-2026-42899) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 8 x86_64 Red Hat Enterprise Linux for IBM z Systems 8 s390x Red Hat Enterprise Linux for Power, little endian 8 ppc64le Red Hat Enterprise Linux for ARM 64 8 aarch64 Red Hat CodeReady Linux Builder for x86_64 8 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le Red Hat CodeReady Linux Builder for ARM 64 8 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x Fixes BZ - 2476605 - CVE-2026-42899 dotnet: .NET: infinite loop allows an attacker to cause a denial of service CVEs CVE-2026-42899 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 8 SRPM dotnet9.0-9.0.117-1.el8_10.src.rpm SHA-256: b47bc18856085df14bd07fbfff6a2aac0486cd6686dccc1c014a9ae585fe55bb x86_64 aspnetcore-runtime-9.0-9.0.16-1.el8_10.x86_64.rpm SHA-256: 9302ccf4bb8e9669b5e8d970b017d7a3f6b2fb3fdfa9741429ef2c2ed52db383 aspnetcore-runtime-dbg-9.0-9.0.16-1.el8_10.x86_64.rpm SHA-256: 741a95a0ca015411380d9711d88a56d3f2bc4c4d4da0dc85f75e583ebac27974 aspnetcore-targeting-pack-9.0-9.0.16-1.el8_10.x86_64.rpm SHA-256: 483657c6571d0e11380437fe2685c50f430998fc29cd0226fa3d7051a502f6d4 dotnet-apphost-pack-9.0-9.0.16-1.el8_10.x86_64.rpm SHA-256: 52bce1c7320b02243f5a79c0044f88d320869e7182da7307be3d649d6e8fc2e2 dotnet-apphost-pack-9.0-debuginfo-9.0.16-1.el8_10.x86_64.rpm SHA-256: a1fcf360361b24ec9a1f5ca504587be1c01272ff8494c05cef2fbd2b22c26fbe dotnet-hostfxr-9.0-9.0.16-1.el8_10.x86_64.rpm SHA-256: 81bdc301b5b4025dedd33114ee00d13de5ec94af692c193646b79c25afbe82cb dotnet-hostfxr-9.0-debuginfo-9.0.16-1.el8_10.x86_64.rpm SHA-256: eda1a699ba4250130c15eff0633f629af5652d3aaa331931462e9d6d45da6365 dotnet-runtime-9.0-9.0.16-1.el8_10.x86_64.rpm SHA-256: d9dd3b63677e1c6e5da2f2bfe4ec9d48f83f99f702b46c2c4eff62cf61b065e7 dotnet-runtime-9.0-debuginfo-9.0.16-1.el8_10.x86_64.rpm SHA-256: 914c9f226f98f0627666de9395521950409788afdb6d50170a8995592d9dfbf7 dotnet-runtime-dbg-9.0-9.0.16-1.el8_10.x86_64.rpm SHA-256: 9dec0d4caae777dc53c043370557e9118766b0ed47d4dc8121a89206b57d8db8 dotnet-sdk-9.0-9.0.117-1.el8_10.x86_64.rpm SHA-256: 3cf5a180083eff28fb22e5c9c6d7ac87c8b3f67f8817314e7c5494b5608a109e dotnet-sdk-9.0-debuginfo-9.0.117-1.el8_10.x86_64.rpm SHA-256: a8c38495865c97b44f0544b5fc512e007ac6e34320ac0bc281c185c7deb09620 dotnet-sdk-aot-9.0-9.0.117-1.el8_10.x86_64.rpm SHA-256: ca216e58a624f64b92b7e8d9fedf19941e9bd135c8b4a61a28a2f883ecf58c77 dotnet-sdk-aot-9.0-debuginfo-9.0.117-1.el8_10.x86_64.rpm SHA-256: 7ffb28e3b19ca0e01bcd388cf7fb4949acaf5c273aaf92a7dad833965d8a232c dotnet-sdk-dbg-9.0-9.0.117-1.el8_10.x86_64.rpm SHA-256: f6ecdaed929029ff8bee978dac9ad9b5906e52e82ebea9deccee8a729942f7ce dotnet-targeting-pack-9.0-9.0.16-1.el8_10.x86_64.rpm SHA-256: 3c60aeb720440e53120df2a0320bdd21f0d7cf44b6bf72d2c56acd51be5e3edd dotnet-templates-9.0-9.0.117-1.el8_10.x86_64.rpm SHA-256: 1b32bd8ed362752074c682d50d11445667888e1da1ae256aa0f5d3ddf7c5aa51 dotnet9.0-debuginfo-9.0.117-1.el8_10.x86_64.rpm SHA-256: 4ce1bf7f42825ed82dd542b9bffcc38c3fe4e52bc76537f26823fe0ae1bc9a16 dotnet9.0-debugsource-9.0.117-1.el8_10.x86_64.rpm SHA-256: cb5fdbd7f29c1d7f33511b47d00c91f604a47f2c0538e1c4c7fca5c398284ecb netstandard-targeting-pack-2.1-9.0.117-1.el8_10.x86_64.rpm SHA-256: ea3e21b445bd21981e2a86b45a22b0fa30128f444c3a3a069013f36b62b4add6 Red Hat Enterprise Linux for IBM z Systems 8 SRPM dotnet9.0-9.0.117-1.el8_10.src.rpm SHA-256: b47bc18856085df14bd07fbfff6a2aac0486cd6686dccc1c014a9ae585fe55bb s390x aspnetcore-runtime-9.0-9.0.16-1.el8_10.s390x.rpm SHA-256: e23b7168b089cc611daea1c80825dc73a55adfd2962c06bb4c686620d11c45f5 aspnetcore-runtime-dbg-9.0-9.0.16-1.el8_10.s390x.rpm SHA-256: bc886d01ed70d3197ca99e21451ac57412fd716c9fa5ac790eb9d3f376e930af aspnetcore-targeting-pack-9.0-9.0.16-1.el8_10.s390x.rpm SHA-256: 444f36597d6331d0db65df2e0219fcb7d4c6bca5674f37028ac0e9222cadcf3c dotnet-apphost-pack-9.0-9.0.16-1.el8_10.s390x.rpm SHA-256: 4c7376c0b6e09f70c29311a25fb0dddb9666bdc72e58c4cb8c4dc7380d95b02e dotnet-apphost-pack-9.0-debuginfo-9.0.16-1.el8_10.s390x.rpm SHA-256: 4ae2f6ec5ab0572c32005d1fbfa53ebdfb56b0782e7653b29f1551b805afacd1 dotnet-hostfxr-9.0-9.0.16-1.el8_10.s390x.rpm SHA-256: da53477dd62912499710fabb0fd89a542471d2f84fa5a569c298d95d129e851c dotnet-hostfxr-9.0-debuginfo-9.0.16-1.el8_10.s390x.rpm SHA-256: 1e4d27de46fe4870e923c9e362503c6f5a58342babe8a46d4032ec2c6d8b0e24 dotnet-runtime-9.0-9.0.16-1.el8_10.s390x.rpm SHA-256: f6e26a5ec39cc389c9148656b0e43d072e56e3aba4a75598e3a0da9d921df118 dotnet-runtime-9.0-debuginfo-9.0.16-1.el8_10.s390x.rpm SHA-256: d34b47c4f19e5648b935b46e04646b09d929d7c4cc9f1323702e34e02133ce28 dotnet-runtime-dbg-9.0-9.0.16-1.el8_10.s390x.rpm SHA-256: e6a4e499ecb682748773f1c9f92f99f03cfab4bb53b3f3e1756b8f3a28c879ea dotnet-sdk-9.0-9.0.117-1.el8_10.s390x.rpm SHA-256: 7d1c3cb0980eed9ec1c360170e7b1afa828230a503fb217a57374d8ff0969339 dotnet-sdk-9.0-debuginfo-9.0.117-1.el8_10.s390x.rpm SHA-256: 1b507c8979f730db3450db759c31e2e92487f8490b4dadb210c85a88ed783494 dotnet-sdk-dbg-9.0-9.0.117-1.el8_10.s390x.rpm SHA-256: 841f0c8e04299843f80b7cd78e294d6ea6b6b686e0462a3add34d8b9d803cf9d dotnet-targeting-pack-9.0-9.0.16-1.el8_10.s390x.rpm SHA-256: a17cb89b46c747ea02cddf3a60eef0c8b926db832a1be80d34b4b010b309be70 dotnet-templates-9.0-9.0.117-1.el8_10.s390x.rpm SHA-256: 2dd19aff5297d41d9cb231bbb5f63131dc73323b2005415361a00dd0e51f58eb dotnet9.0-debuginfo-9.0.117-1.el8_10.s390x.rpm SHA-256: 6e9496fec5a676c2508a0ebaf586fec873810fd5e2f99ca05fe2b1a1b5168ead dotnet9.0-debugsource-9.0.117-1.el8_10.s390x.rpm SHA-256: 1cea3b124f617f14195c66737682da3faef26494666b368a51b5bc5327f0b09b netstandard-targeting-pack-2.1-9.0.117-1.el8_10.s390x.rpm SHA-256: b82e847e68007996181939c2651233d9df208c1759f7faf313f9cbc7e6cd905d Red Hat Enterprise Linux for Power, little endian 8 SRPM dotnet9.0-9.0.117-1.el8_10.src.rpm SHA-256: b47bc18856085df14bd07fbfff6a2aac0486cd6686dccc1c014a9ae585fe55bb ppc64le aspnetcore-runtime-9.0-9.0.16-1.el8_10.ppc64le.rpm SHA-256: abd7d38dc7668482558c555bd0b7b880b23bb940df371f5aac21f443ae39c2f7 aspnetcore-runtime-dbg-9.0-9.0.16-1.el8_10.ppc64le.rpm SHA-256: 3d7ccc02d6d1b992c71b485b9113339d20c3e000ce703bdfe44f4799612abd90 aspnetcore-targeting-pack-9.0-9.0.16-1.el8_10.ppc64le.rpm SHA-256: 504207f8af89cc3b3de15c3c2dadd1335a48182e6732f6e660f0e68847cf4aaa dotnet-apphost-pack-9.0-9.0.16-1.el8_10.ppc64le.rpm SHA-256: 14fcd97e065b3549f711603064e1d16d649c45ed9839ce0a1212907b307d472a dotnet-apphost-pack-9.0-debuginfo-9.0.16-1.el8_10.ppc64le.rpm SHA-256: e5f967e271830e090b15cc11296b892a468e7934bba731d359fab2c4b7517a87 dotnet-hostfxr-9.0-9.0.16-1.el8_10.ppc64le.rpm SHA-256: a4908beecacc733f78bdd0dd3a803a7889d47608df0f5d6c86f833187c4f1b42 dotnet-hostfxr-9.0-debuginfo-9.0.16-1.el8_10.ppc64le.rpm SHA-256: 36b9224244da0fb9fa757303ed5f546375ab526f1e518840b32101093e390f7b dotnet-runtime-9.0-9.0.16-1.el8_10.ppc64le.rpm SHA-256: b74ad1a98db0db01854ee0ad26e9f61f5252e83b5c1fe5f4354fb6eaf70740d1 dotnet-runtime-9.0-debuginfo-9.0.16-1.el8_10.ppc64le.rpm SHA-256: 201551087d400c52f8d9337d14c9c2bd21e032cfe4e4abc7f2f3441323faec7f dotnet-runtime-dbg-9.0-9.0.16-1.el8_10.ppc64le.rpm SHA-256: 43707c21aea97cfd70facfd59a223f0ee97013b7305fb2d32efa5d47e85db696 dotnet-sdk-9.0-9.0.117-1.el8_10.ppc64le.rpm SHA-256: 73e1fd0d788b0ec90c1616afa20883008f6c1bd980026f09f161d8893acd26c6 dotnet-sdk-9.0-debuginfo-9.0.117-1.el8_10.ppc64le.rpm SHA-256: 9349fda4e090d22cb84ac5c813bc322653b7396f92c076e2bfbcb0e6b2be6ab8 dotnet-sdk-dbg-9.0-9.0.117-1.el8_10.ppc64le.rpm SHA-256: 2a8546dce1c49997725c58a4ab30e46065b0928b93a17378bbae3912c06d0c1b dotnet-targeting-pack-9.0-9.0.16-1.el8_10.ppc64le.rpm SHA-256: 66d0ad25cf821b2f8fa2079500bfdf9942bdda0012b67d59bdae9b16f4aaf91b dotnet-templates-9.0-9.0.117-1.el8_10.ppc64le.rpm SHA-256: 94db431eeec8b15a7034e460761d937fca0af911b5360e0a5ca3c1556eda374a dotnet9.0-debuginfo-9.0.117-1.el8_10.ppc64le.rpm SHA-256: 1db2bb56d82c767e20686a6aed2f6bd399a3a66698f3fa180774522ed62e72c5 dotnet9.0-debugsource-9.0.117-1.el8_10.ppc64le.rpm SHA-256: 3bc0624c011f2e24b90e716abb80c2e840ce6cd0c7375f950efc3b2141a91556 netstandard-targeting-pack-2.1-9.0.117-1.el8_10.ppc64le.rpm SHA-2