Red Hat Product Errata RHSA-2026:21293 - Security Advisory Issued: 2026-05-27 Updated: 2026-05-27 RHSA-2026:21293 - Security Advisory Overview Updated Packages Synopsis Important: .NET 8.0 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for .NET 8.0 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.127 and .NET Runtime 8.0.27.Security Fix(es): serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization (CVE-2026-34043) dotnet: .NET: infinite loop allows an attacker to cause a denial of service (CVE-2026-42899) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 9 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 x86_64 Red Hat Enterprise Linux for IBM z Systems 9 s390x Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8 s390x Red Hat Enterprise Linux for Power, little endian 9 ppc64le Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8 ppc64le Red Hat Enterprise Linux for ARM 64 9 aarch64 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8 x86_64 Red Hat CodeReady Linux Builder for x86_64 9 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le Red Hat CodeReady Linux Builder for ARM 64 9 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.8 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.8 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.8 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.8 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8 s390x Fixes BZ - 2453284 - CVE-2026-34043 serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization BZ - 2476605 - CVE-2026-42899 dotnet: .NET: infinite loop allows an attacker to cause a denial of service CVEs CVE-2026-34043 CVE-2026-42899 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 9 SRPM dotnet8.0-8.0.127-1.el9_8.src.rpm SHA-256: 7edf4149b524cd85ceb62b0f0b9b1e93fc6f19daf14e69acb85a9173d7ca151f x86_64 aspnetcore-runtime-8.0-8.0.27-1.el9_8.x86_64.rpm SHA-256: 1db11d1369ca973c3651a54299e41b1d94af647def33834b745929b78b5fd249 aspnetcore-runtime-dbg-8.0-8.0.27-1.el9_8.x86_64.rpm SHA-256: 39cb860aebede813cdb170260791977916a4c52979d22ac1832223d0ea8a529e aspnetcore-targeting-pack-8.0-8.0.27-1.el9_8.x86_64.rpm SHA-256: e734820b32c49ca5f23424f1049db6ef064d0f81d6a82cae875916c8386fea49 dotnet-apphost-pack-8.0-8.0.27-1.el9_8.x86_64.rpm SHA-256: ec8ab7510d0ae43416395512dbe24f66c20ef45e6f8166e095c6ea4bd95792c7 dotnet-apphost-pack-8.0-debuginfo-8.0.27-1.el9_8.x86_64.rpm SHA-256: d3f3f7c3d86cdfdf207c90746c6328c7c87519c9ba68a7df68b924c2f2ce05ff dotnet-hostfxr-8.0-8.0.27-1.el9_8.x86_64.rpm SHA-256: 6a2a764664df2cf8e78e2287eab939df4f3f613f5936d2c60829cec45400f920 dotnet-hostfxr-8.0-debuginfo-8.0.27-1.el9_8.x86_64.rpm SHA-256: f1a7711a679da6a4d46ea61445bbc1b0e19a4b80d83844980c2a46e4160855dd dotnet-runtime-8.0-8.0.27-1.el9_8.x86_64.rpm SHA-256: f0434b74ed995a4469e7c6b47e6eb3f477b7b6e7750f69971b1a8da521521db4 dotnet-runtime-8.0-debuginfo-8.0.27-1.el9_8.x86_64.rpm SHA-256: fa28a03f481e3e880c55b7f8e0e3f70fb802195e829e905178a27ae5565c7ab1 dotnet-runtime-dbg-8.0-8.0.27-1.el9_8.x86_64.rpm SHA-256: 7da3b882b6a5245725bd38aa93fc8da1a13e177f46de84e3ea543bb2bfec80b6 dotnet-sdk-8.0-8.0.127-1.el9_8.x86_64.rpm SHA-256: a8b18a78fd2acf0bc71bdc063f8ceff0c3c1568a37e5c48cea6b31fb7ea58101 dotnet-sdk-8.0-debuginfo-8.0.127-1.el9_8.x86_64.rpm SHA-256: 1bd89ef74dcfd8eb5c35932b330bbbc7930a7cf3359f7872853c6dff7a9dedd0 dotnet-sdk-dbg-8.0-8.0.127-1.el9_8.x86_64.rpm SHA-256: c8ef17c2f46896f6844a21bd109134f16c117bde13d82ecaf8d289eae5769d07 dotnet-targeting-pack-8.0-8.0.27-1.el9_8.x86_64.rpm SHA-256: 8734e4f1cdac72b4ebdb91135813074b7b9ced3bd59a5d325be9f96c2a6540b8 dotnet-templates-8.0-8.0.127-1.el9_8.x86_64.rpm SHA-256: 830bccdd0767281462f175d9a02542fbc0733ca883ee0c7b97bd025e708d838e dotnet8.0-debuginfo-8.0.127-1.el9_8.x86_64.rpm SHA-256: 2e7c181b0dc8fe7e94e34558d4370b3681cc96abd3179bf0b2a3d529d89f96bf dotnet8.0-debugsource-8.0.127-1.el9_8.x86_64.rpm SHA-256: b115a1173635989febf998ccf1962fd6e441184da288f73873ea21c1e0c746b2 Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 SRPM dotnet8.0-8.0.127-1.el9_8.src.rpm SHA-256: 7edf4149b524cd85ceb62b0f0b9b1e93fc6f19daf14e69acb85a9173d7ca151f x86_64 aspnetcore-runtime-8.0-8.0.27-1.el9_8.x86_64.rpm SHA-256: 1db11d1369ca973c3651a54299e41b1d94af647def33834b745929b78b5fd249 aspnetcore-runtime-dbg-8.0-8.0.27-1.el9_8.x86_64.rpm SHA-256: 39cb860aebede813cdb170260791977916a4c52979d22ac1832223d0ea8a529e aspnetcore-targeting-pack-8.0-8.0.27-1.el9_8.x86_64.rpm SHA-256: e734820b32c49ca5f23424f1049db6ef064d0f81d6a82cae875916c8386fea49 dotnet-apphost-pack-8.0-8.0.27-1.el9_8.x86_64.rpm SHA-256: ec8ab7510d0ae43416395512dbe24f66c20ef45e6f8166e095c6ea4bd95792c7 dotnet-apphost-pack-8.0-debuginfo-8.0.27-1.el9_8.x86_64.rpm SHA-256: d3f3f7c3d86cdfdf207c90746c6328c7c87519c9ba68a7df68b924c2f2ce05ff dotnet-hostfxr-8.0-8.0.27-1.el9_8.x86_64.rpm SHA-256: 6a2a764664df2cf8e78e2287eab939df4f3f613f5936d2c60829cec45400f920 dotnet-hostfxr-8.0-debuginfo-8.0.27-1.el9_8.x86_64.rpm SHA-256: f1a7711a679da6a4d46ea61445bbc1b0e19a4b80d83844980c2a46e4160855dd dotnet-runtime-8.0-8.0.27-1.el9_8.x86_64.rpm SHA-256: f0434b74ed995a4469e7c6b47e6eb3f477b7b6e7750f69971b1a8da521521db4 dotnet-runtime-8.0-debuginfo-8.0.27-1.el9_8.x86_64.rpm SHA-256: fa28a03f481e3e880c55b7f8e0e3f70fb802195e829e905178a27ae5565c7ab1 dotnet-runtime-dbg-8.0-8.0.27-1.el9_8.x86_64.rpm SHA-256: 7da3b882b6a5245725bd38aa93fc8da1a13e177f46de84e3ea543bb2bfec80b6 dotnet-sdk-8.0-8.0.127-1.el9_8.x86_64.rpm SHA-256: a8b18a78fd2acf0bc71bdc063f8ceff0c3c1568a37e5c48cea6b31fb7ea58101 dotnet-sdk-8.0-debuginfo-8.0.127-1.el9_8.x86_64.rpm SHA-256: 1bd89ef74dcfd8eb5c35932b330bbbc7930a7cf3359f7872853c6dff7a9dedd0 dotnet-sdk-dbg-8.0-8.0.127-1.el9_8.x86_64.rpm SHA-256: c8ef17c2f46896f6844a21bd109134f16c117bde13d82ecaf8d289eae5769d07 dotnet-targeting-pack-8.0-8.0.27-1.el9_8.x86_64.rpm SHA-256: 8734e4f1cdac72b4ebdb91135813074b7b9ced3bd59a5d325be9f96c2a6540b8 dotnet-templates-8.0-8.0.127-1.el9_8.x86_64.rpm SHA-256: 830bccdd0767281462f175d9a02542fbc0733ca883ee0c7b97bd025e708d838e dotnet8.0-debuginfo-8.0.127-1.el9_8.x86_64.rpm SHA-256: 2e7c181b0dc8fe7e94e34558d4370b3681cc96abd3179bf0b2a3d529d89f96bf dotnet8.0-debugsource-8.0.127-1.el9_8.x86_64.rpm SHA-256: b115a1173635989febf998ccf1962fd6e441184da288f73873ea21c1e0c746b2 Red Hat Enterprise Linux for IBM z Systems 9 SRPM dotnet8.0-8.0.127-1.el9_8.src.rpm SHA-256: 7edf4149b524cd85ceb62b0f0b9b1e93fc6f19daf14e69acb85a9173d7ca151f s390x aspnetcore-runtime-8.0-8.0.27-1.el9_8.s390x.rpm SHA-256: 01cd4e38aa753a22b2029c5bec031b28b97df2e1b8b11d177ba7ca22c7e5b8b0 aspnetcore-runtime-dbg-8.0-8.0.27-1.el9_8.s390x.rpm SHA-256: 181c3eafa9636c01ecefc32ebd760528f02d728fbc45cd06d6bdc0114929b2a9 aspnetcore-targeting-pack-8.0-8.0.27-1.el9_8.s390x.rpm SHA-256: 3847e304936952ccb632dfd105330a0fdfe0d0625a2f968d6ff1fbfbb787fdf8 dotnet-apphost-pack-8.0-8.0.27-1.el9_8.s390x.rpm SHA-256: 33564e2d69da570559bec418aece864bd54c27c20028485f9fb5d09cb3d6bf7c dotnet-apphost-pack-8.0-debuginfo-8.0.27-1.el9_8.s390x.rpm SHA-256: 41bcc11a7658d2d43af8a601307f0c2b763387e9440dc0643942bd696feb604d dotnet-hostfxr-8.0-8.0.27-1.el9_8.s390x.rpm SHA-256: a379c0468aebcbb9f98803c3983aedc2186a4cb033481475d6d12bda9edfaf55 dotnet-hostfxr-8.0-debuginfo-8.0.27-1.el9_8.s390x.rpm SHA-256: f29d05a6cf374cdaa448314106c9c77f217869adf86421c7da2cffd4c14e779a dotnet-runtime-8.0-8.0.27-1.el9_8.s390x.rpm SHA-256: 0ce72711b66ec208d8cf23f02397a4176bec6f2782d59f369412026825e5b424 dotnet-runtime-8.0-debuginfo-8.0.27-1.el9_8.s390x.rpm SHA-256: ba284514b9e83e2262f4d4a522f1d217f50e11be31a20a8f16e1ef47616bb3b6 dotnet-runtime-dbg-8.0-8.0.27-1.el9_8.s390x.rpm SHA-256: a255e7df8f1f756e3c5b14449f4c39f7d76cca741a3a5c8626b41a872df19244 dotnet-sdk-8.0-8.0.127-1.el9_8.s390x.rpm SHA-256: 678ad148e81b9e2779a69896d9a5fe43f7024ebb5c2fbbbbea8ce55175b11357 dotnet-sdk-8.0-debuginfo-8.0.127-1.el9_8.s390x.rpm SHA-256: 94535f3e870a2f174de4b09c3df3d415cbff90e3115a9ae