Red Hat Product Errata RHSA-2026:21291 - Security Advisory Issued: 2026-05-27 Updated: 2026-05-27 RHSA-2026:21291 - Security Advisory Overview Updated Packages Synopsis Important: .NET 8.0 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for .NET 8.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.127 and .NET Runtime 8.0.27.Security Fix(es): serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization (CVE-2026-34043) dotnet: .NET: infinite loop allows an attacker to cause a denial of service (CVE-2026-42899) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 8 x86_64 Red Hat Enterprise Linux for IBM z Systems 8 s390x Red Hat Enterprise Linux for Power, little endian 8 ppc64le Red Hat Enterprise Linux for ARM 64 8 aarch64 Red Hat CodeReady Linux Builder for x86_64 8 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le Red Hat CodeReady Linux Builder for ARM 64 8 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x Fixes BZ - 2453284 - CVE-2026-34043 serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization BZ - 2476605 - CVE-2026-42899 dotnet: .NET: infinite loop allows an attacker to cause a denial of service CVEs CVE-2026-34043 CVE-2026-42899 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 8 SRPM dotnet8.0-8.0.127-1.el8_10.src.rpm SHA-256: 339960742f999ea828e5ea37c6600f187fb397e159338152d2a5ac93b1a26b58 x86_64 aspnetcore-runtime-8.0-8.0.27-1.el8_10.x86_64.rpm SHA-256: a6e5c04a8f8bf26f62f5518aca74ed0262928d86e8d67e72664353a156a11f8b aspnetcore-runtime-dbg-8.0-8.0.27-1.el8_10.x86_64.rpm SHA-256: 07b349b99c2b4ffa3d9695bea8fd416b1afd6d85009940e377a5408d42a50e8e aspnetcore-targeting-pack-8.0-8.0.27-1.el8_10.x86_64.rpm SHA-256: 75863d645f37b5385997e7bc8473f89dec0f25a9bd8e4f2dcdd52baea5dc61db dotnet-apphost-pack-8.0-8.0.27-1.el8_10.x86_64.rpm SHA-256: e18e6a2d68a40d657040f6ba6732243527795a561935546860fa3df71e8dd110 dotnet-apphost-pack-8.0-debuginfo-8.0.27-1.el8_10.x86_64.rpm SHA-256: 812acb99dfbc6ed0b2b5e0054475372cc387230d606c62eaab8bd7eaf6fe4804 dotnet-hostfxr-8.0-8.0.27-1.el8_10.x86_64.rpm SHA-256: 72cea24034ecc85c1e02ec35c43e5cea1680b3e2cf9af854f6727286f27e7815 dotnet-hostfxr-8.0-debuginfo-8.0.27-1.el8_10.x86_64.rpm SHA-256: f0e2fb72c69b8229f17f41479d3e98660f1fce2aee73372b94906f65f1bdf920 dotnet-runtime-8.0-8.0.27-1.el8_10.x86_64.rpm SHA-256: 7134b582e51a50e74a69ca5d011a5b718e0af3bc9658bff7cd2b12b2dcf15836 dotnet-runtime-8.0-debuginfo-8.0.27-1.el8_10.x86_64.rpm SHA-256: b678875ad2f1e42904c3307dac521605f2742535889477438d9da3f429a66d85 dotnet-runtime-dbg-8.0-8.0.27-1.el8_10.x86_64.rpm SHA-256: b13bea426d0b5d75c17265b5412c0c86690ec0819985619c7d4676244178c4b4 dotnet-sdk-8.0-8.0.127-1.el8_10.x86_64.rpm SHA-256: 6cd377cff2f76887428bc1556b8115ec803620d0098e1c2787728ed5bc19342f dotnet-sdk-8.0-debuginfo-8.0.127-1.el8_10.x86_64.rpm SHA-256: 4b57a0b9daa0e50ba71d8f2f6f7b727d0617184171d1f96f6381b7c3e8a117b3 dotnet-sdk-dbg-8.0-8.0.127-1.el8_10.x86_64.rpm SHA-256: a609fd7163b58c990cca032be037a1c84e4e9a70a301f9bb1410b43c729a6901 dotnet-targeting-pack-8.0-8.0.27-1.el8_10.x86_64.rpm SHA-256: 1dcd765490e51598dee9258a1fc5a721fbcc0f3dd0d7f9d892c551b6a67e5c5e dotnet-templates-8.0-8.0.127-1.el8_10.x86_64.rpm SHA-256: ec8e3a2e0b46f91814a3d5ff68d24284d638fd036642530b3944420f8082753c dotnet8.0-debuginfo-8.0.127-1.el8_10.x86_64.rpm SHA-256: 470c01d9932a80c1a054c539edbf672caf2b1e12b62eccd974d730246027ebaf dotnet8.0-debugsource-8.0.127-1.el8_10.x86_64.rpm SHA-256: 0bf18696f89eff9aeb356e047d6d07bca58e2795bdc16bb0c63b75caaa9ebc3c Red Hat Enterprise Linux for IBM z Systems 8 SRPM dotnet8.0-8.0.127-1.el8_10.src.rpm SHA-256: 339960742f999ea828e5ea37c6600f187fb397e159338152d2a5ac93b1a26b58 s390x aspnetcore-runtime-8.0-8.0.27-1.el8_10.s390x.rpm SHA-256: 7b336bd4ff9c8462db7c454d55493f65352450fc519ef8d45f74b4f3a0be657f aspnetcore-runtime-dbg-8.0-8.0.27-1.el8_10.s390x.rpm SHA-256: cec56ed9b3d134071a61194204a8dd21c422ac4d1d020d6e613320bec9796c01 aspnetcore-targeting-pack-8.0-8.0.27-1.el8_10.s390x.rpm SHA-256: 8fa986783b9df1ca6ed02e5c9371317e19e58e3cd44ab90c9830a17c34506700 dotnet-apphost-pack-8.0-8.0.27-1.el8_10.s390x.rpm SHA-256: ac1648ee6a6ee13669772efe10fd38a683bee5b209ebc9f492ca6451a8c2fb7d dotnet-apphost-pack-8.0-debuginfo-8.0.27-1.el8_10.s390x.rpm SHA-256: b8beede9f11213ca242ef6f250cdd95e56fbfd40e31eced52e983f338e631708 dotnet-hostfxr-8.0-8.0.27-1.el8_10.s390x.rpm SHA-256: f27581d710c2576cb5e59fb94dbb29dd90d47d782a9ca236fecb9fff19f38601 dotnet-hostfxr-8.0-debuginfo-8.0.27-1.el8_10.s390x.rpm SHA-256: 3001efe4f875a13629c6698f7a6a0ca03dc35e677252693ba2a338cbd5cf52aa dotnet-runtime-8.0-8.0.27-1.el8_10.s390x.rpm SHA-256: dd6a3d2add9ae7ac27f6a458e536cf6ed12c60dad416ac8db4f3f816acc95361 dotnet-runtime-8.0-debuginfo-8.0.27-1.el8_10.s390x.rpm SHA-256: 142b7c282b916e070fbf40fe01843b919d2c36570aca0500770c85bb45e7386a dotnet-runtime-dbg-8.0-8.0.27-1.el8_10.s390x.rpm SHA-256: 74de45e1063a8965b57578845cec22593ccc717afb484528feac7c64d73b870b dotnet-sdk-8.0-8.0.127-1.el8_10.s390x.rpm SHA-256: a7890116b34d452de27b2e8e0f39f80963300e455e41397a0052173f3779f92e dotnet-sdk-8.0-debuginfo-8.0.127-1.el8_10.s390x.rpm SHA-256: 5e4cfc5f1832358cfe9c6b221547dc44af49ee3c26b8fe26923f5b9c63036371 dotnet-sdk-dbg-8.0-8.0.127-1.el8_10.s390x.rpm SHA-256: d736ebc426174c4f1da2033d7f1818976504f6c03ea13ff9a70047c87d466f88 dotnet-targeting-pack-8.0-8.0.27-1.el8_10.s390x.rpm SHA-256: fc329fe71a778fe0fc561d564287bb6f24edae8e7d670603576ecfd3cb4b85e3 dotnet-templates-8.0-8.0.127-1.el8_10.s390x.rpm SHA-256: f493bd6f4435ecb3eaf19f97bc7936ac16d6568a08e6393e5c5aa701c557b26e dotnet8.0-debuginfo-8.0.127-1.el8_10.s390x.rpm SHA-256: ae6515e390b8296d8387cf8a10df49208bf51de95f3bb45a1f0161085dd5a712 dotnet8.0-debugsource-8.0.127-1.el8_10.s390x.rpm SHA-256: efe7991195c20bb1dbc4c35e4164ef27cb7054b313f08e1b415a5f670175500e Red Hat Enterprise Linux for Power, little endian 8 SRPM dotnet8.0-8.0.127-1.el8_10.src.rpm SHA-256: 339960742f999ea828e5ea37c6600f187fb397e159338152d2a5ac93b1a26b58 ppc64le aspnetcore-runtime-8.0-8.0.27-1.el8_10.ppc64le.rpm SHA-256: 0b859fd25a3c0c6110012ada4f372543c909029f6a9bb9ab915dc298d6fbdea1 aspnetcore-runtime-dbg-8.0-8.0.27-1.el8_10.ppc64le.rpm SHA-256: f4e775ea0266752f41f72ac6f2494ff866ac79bf1fd84cf95fe10355207c8c2e aspnetcore-targeting-pack-8.0-8.0.27-1.el8_10.ppc64le.rpm SHA-256: d652e97d67f0a4bc0c693812e0dd03de5e67c7c5d82a71bc5a2975e12e127553 dotnet-apphost-pack-8.0-8.0.27-1.el8_10.ppc64le.rpm SHA-256: adece10635a15303b619b6d51c8175e8845982c73096b6b0a7664367c2d63f97 dotnet-apphost-pack-8.0-debuginfo-8.0.27-1.el8_10.ppc64le.rpm SHA-256: ec65f6a17ee7d70cfa1f8ca60f9dae0226144b93897fe28ce041197498a8bf20 dotnet-hostfxr-8.0-8.0.27-1.el8_10.ppc64le.rpm SHA-256: 6a41d8fbc6724b384e97f475efdbab41eec4af09022d84a331fa61beba11532e dotnet-hostfxr-8.0-debuginfo-8.0.27-1.el8_10.ppc64le.rpm SHA-256: 9a0ca1d9fcb2e07447b3901cd51fff7b47cfa0e4f7b78a5dab38e83012d92756 dotnet-runtime-8.0-8.0.27-1.el8_10.ppc64le.rpm SHA-256: c4352ff80ac8348fae2e18de03f944da95be29f6293ca61575459bec2f0562a2 dotnet-runtime-8.0-debuginfo-8.0.27-1.el8_10.ppc64le.rpm SHA-256: 3492b6ae7753077e2a70002407614a0bb58d37124838aa924c64a4a8a53b9bcf dotnet-runtime-dbg-8.0-8.0.27-1.el8_10.ppc64le.rpm SHA-256: adf31d5b163851cbd1b0beb78d5eba096c7491154b6c3ee636063d72a6400d1a dotnet-sdk-8.0-8.0.127-1.el8_10.ppc64le.rpm SHA-256: be4d52b9be9fee1bb2c98100c957772e70d8b4bfe87f80d18265b8e102002e9b dotnet-sdk-8.0-debuginfo-8.0.127-1.el8_10.ppc64le.rpm SHA-256: a92e6820fb8f5216035aa2850fc97d7bbe78c966825094b31bc86524ed52e614 dotnet-sdk-dbg-8.0-8.0.127-1.el8_10.ppc64le.rpm SHA-256: 70c0f816d221a336a8fd0e3b64026f5d7b386b03fe17b3efb78901a6e02685ac dotnet-targeting-pack-8.0-8.0.27-1.el8_10.ppc64le.rpm SHA-256: c4578b509f56ce343b90c16c56fe8f025f41c6083ff0075471dd66bd06a05574 dotnet-templates-8.0-8.0.127-1.el8_10.ppc64le.rpm SHA-256: a43cd8774af1709555c29fde99c2702eb0d414b702fc325c721a2a6ba51bb55b dotnet8.0-debuginfo-8.0.127-1.el8_10.ppc64le.rpm SHA-256: ebf3f6a9cec47e050e08fcad2b15eca5598f87888869d683dc95fddb39b8c37d dotnet8.0-debugsource-8.0.127-1.el8_10.ppc64le.rpm SHA-256: b3a375131b106baf768dded4af72ecad31a2eff74ff0c1a61fa2570a93e38359 Red Hat Enterprise Linux for ARM 64 8 SRPM dotnet8.0-8.0.127-1.el8_10.src.rpm SHA-256: 339960742f999ea828e5ea37c6600f187fb397e159338152d2a5ac93b1a26b58 aarch64 aspnetcore-runtime-8.0-8.0.27-1.el8_10.aarch64.rpm SHA-256: bc07cd727bd5b4a10ee2b0d576a5aa64d80f059a0e2fd2047cd209c7850e90fb asp