Red Hat Product Errata RHSA-2026:21286 - Security Advisory Issued: 2026-05-27 Updated: 2026-05-27 RHSA-2026:21286 - Security Advisory Overview Updated Packages Synopsis Important: .NET 8.0 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for .NET 8.0 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.127 and .NET Runtime 8.0.27.Security Fix(es): serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization (CVE-2026-34043) dotnet: .NET: infinite loop allows an attacker to cause a denial of service (CVE-2026-42899) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 10 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64 Red Hat Enterprise Linux for IBM z Systems 10 s390x Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x Red Hat Enterprise Linux for Power, little endian 10 ppc64le Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le Red Hat Enterprise Linux for ARM 64 10 aarch64 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64 Red Hat CodeReady Linux Builder for x86_64 10 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le Red Hat CodeReady Linux Builder for ARM 64 10 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.2 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.2 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.2 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.2 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x Fixes BZ - 2453284 - CVE-2026-34043 serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization BZ - 2476605 - CVE-2026-42899 dotnet: .NET: infinite loop allows an attacker to cause a denial of service CVEs CVE-2026-34043 CVE-2026-42899 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 10 SRPM dotnet8.0-8.0.127-1.el10_2.src.rpm SHA-256: 820c9f428761df9c3a73b47414963f6c292c10b3f3a531a58fada96e70ad8c02 x86_64 aspnetcore-runtime-8.0-8.0.27-1.el10_2.x86_64.rpm SHA-256: 4cde330e02ce2cae413175be5821160f943359fb17c3e3bca198e2e5fc983d96 aspnetcore-runtime-dbg-8.0-8.0.27-1.el10_2.x86_64.rpm SHA-256: 9b7dbf9bcd52476529c5b528afd5bb3a0fe0fbe9b7937baa9245d183c1a10710 aspnetcore-targeting-pack-8.0-8.0.27-1.el10_2.x86_64.rpm SHA-256: cb87883a5fd4e8d66d7256948a189f30e1dc575cbbb00285684f349286949dd1 dotnet-apphost-pack-8.0-8.0.27-1.el10_2.x86_64.rpm SHA-256: 89dcb1cc11ca3d94d8ef8e51fdb34169b57d3b64be322dd520d1aae330614b57 dotnet-apphost-pack-8.0-debuginfo-8.0.27-1.el10_2.x86_64.rpm SHA-256: 42b938d6643e2b4c74152c332d0b739030e8440fab751bfa6ad1b4f0de6f3aa9 dotnet-hostfxr-8.0-8.0.27-1.el10_2.x86_64.rpm SHA-256: 1f1156fc652d63867c3e3cb037e8629cb2ac3a5a459e65aa1ac1a5f777e1c3b3 dotnet-hostfxr-8.0-debuginfo-8.0.27-1.el10_2.x86_64.rpm SHA-256: 764294dd373da1a2dead80d4228160c9d9a71c720286788e9a83acfb99c47cee dotnet-runtime-8.0-8.0.27-1.el10_2.x86_64.rpm SHA-256: 4d992ca8fc947c779efaa3ea809f5f88adca7da5fe205cc4b34e014791c6069c dotnet-runtime-8.0-debuginfo-8.0.27-1.el10_2.x86_64.rpm SHA-256: ff2172d92f9f9796797b1b6c005739bcf7a45d026c6ee186b29212e9004f48e9 dotnet-runtime-dbg-8.0-8.0.27-1.el10_2.x86_64.rpm SHA-256: 36e36330eae18bea159f5952677684136f77f362c6dde38e09ac2939165a51e7 dotnet-sdk-8.0-8.0.127-1.el10_2.x86_64.rpm SHA-256: e69bb374eaf10d7cf542ec5ce9c6459396ab03602e109b24cb7a8bf33906ceff dotnet-sdk-8.0-debuginfo-8.0.127-1.el10_2.x86_64.rpm SHA-256: f1a106dfc10d585dcaf9c3567f729e754487a0043b17e74b1d80e641d8abf44d dotnet-sdk-dbg-8.0-8.0.127-1.el10_2.x86_64.rpm SHA-256: 2e543f6f080d43ba5670e4716ba0b4edf7e72e917fdff34159ef90d82c560f6c dotnet-targeting-pack-8.0-8.0.27-1.el10_2.x86_64.rpm SHA-256: caccd64ae1e86a5f0f40ba35324b6c4c9078b18a17552708cfdbe4a8a386de77 dotnet-templates-8.0-8.0.127-1.el10_2.x86_64.rpm SHA-256: e569ba39b73f002e1b720810dfed5e8ba0275df51ab83e83bd741069ec721d37 dotnet8.0-debugsource-8.0.127-1.el10_2.x86_64.rpm SHA-256: cfead04d50716304a77214b15e0e6ea495f304af54abb7d0cd4a6e7cae8b9a9d Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 SRPM dotnet8.0-8.0.127-1.el10_2.src.rpm SHA-256: 820c9f428761df9c3a73b47414963f6c292c10b3f3a531a58fada96e70ad8c02 x86_64 aspnetcore-runtime-8.0-8.0.27-1.el10_2.x86_64.rpm SHA-256: 4cde330e02ce2cae413175be5821160f943359fb17c3e3bca198e2e5fc983d96 aspnetcore-runtime-dbg-8.0-8.0.27-1.el10_2.x86_64.rpm SHA-256: 9b7dbf9bcd52476529c5b528afd5bb3a0fe0fbe9b7937baa9245d183c1a10710 aspnetcore-targeting-pack-8.0-8.0.27-1.el10_2.x86_64.rpm SHA-256: cb87883a5fd4e8d66d7256948a189f30e1dc575cbbb00285684f349286949dd1 dotnet-apphost-pack-8.0-8.0.27-1.el10_2.x86_64.rpm SHA-256: 89dcb1cc11ca3d94d8ef8e51fdb34169b57d3b64be322dd520d1aae330614b57 dotnet-apphost-pack-8.0-debuginfo-8.0.27-1.el10_2.x86_64.rpm SHA-256: 42b938d6643e2b4c74152c332d0b739030e8440fab751bfa6ad1b4f0de6f3aa9 dotnet-hostfxr-8.0-8.0.27-1.el10_2.x86_64.rpm SHA-256: 1f1156fc652d63867c3e3cb037e8629cb2ac3a5a459e65aa1ac1a5f777e1c3b3 dotnet-hostfxr-8.0-debuginfo-8.0.27-1.el10_2.x86_64.rpm SHA-256: 764294dd373da1a2dead80d4228160c9d9a71c720286788e9a83acfb99c47cee dotnet-runtime-8.0-8.0.27-1.el10_2.x86_64.rpm SHA-256: 4d992ca8fc947c779efaa3ea809f5f88adca7da5fe205cc4b34e014791c6069c dotnet-runtime-8.0-debuginfo-8.0.27-1.el10_2.x86_64.rpm SHA-256: ff2172d92f9f9796797b1b6c005739bcf7a45d026c6ee186b29212e9004f48e9 dotnet-runtime-dbg-8.0-8.0.27-1.el10_2.x86_64.rpm SHA-256: 36e36330eae18bea159f5952677684136f77f362c6dde38e09ac2939165a51e7 dotnet-sdk-8.0-8.0.127-1.el10_2.x86_64.rpm SHA-256: e69bb374eaf10d7cf542ec5ce9c6459396ab03602e109b24cb7a8bf33906ceff dotnet-sdk-8.0-debuginfo-8.0.127-1.el10_2.x86_64.rpm SHA-256: f1a106dfc10d585dcaf9c3567f729e754487a0043b17e74b1d80e641d8abf44d dotnet-sdk-dbg-8.0-8.0.127-1.el10_2.x86_64.rpm SHA-256: 2e543f6f080d43ba5670e4716ba0b4edf7e72e917fdff34159ef90d82c560f6c dotnet-targeting-pack-8.0-8.0.27-1.el10_2.x86_64.rpm SHA-256: caccd64ae1e86a5f0f40ba35324b6c4c9078b18a17552708cfdbe4a8a386de77 dotnet-templates-8.0-8.0.127-1.el10_2.x86_64.rpm SHA-256: e569ba39b73f002e1b720810dfed5e8ba0275df51ab83e83bd741069ec721d37 dotnet8.0-debugsource-8.0.127-1.el10_2.x86_64.rpm SHA-256: cfead04d50716304a77214b15e0e6ea495f304af54abb7d0cd4a6e7cae8b9a9d Red Hat Enterprise Linux for IBM z Systems 10 SRPM dotnet8.0-8.0.127-1.el10_2.src.rpm SHA-256: 820c9f428761df9c3a73b47414963f6c292c10b3f3a531a58fada96e70ad8c02 s390x aspnetcore-runtime-8.0-8.0.27-1.el10_2.s390x.rpm SHA-256: 0a26d0b4c8ef4e20b972bf08a7b4a1c122ab2db1e63a09edefc85083c9559486 aspnetcore-runtime-dbg-8.0-8.0.27-1.el10_2.s390x.rpm SHA-256: c73180eca6e0102166b0efb11204ac11ff1b52d0f568a69b92a93c10332979b5 aspnetcore-targeting-pack-8.0-8.0.27-1.el10_2.s390x.rpm SHA-256: 26305a1b7b73cbc9c7dfc107722b59d5db6bc76a47aa0b458dbdbbdec3af7142 dotnet-apphost-pack-8.0-8.0.27-1.el10_2.s390x.rpm SHA-256: fca2dad9aae9e51b69ecc59030c7bb5c647273f5c75125b5fec0961bb32db558 dotnet-apphost-pack-8.0-debuginfo-8.0.27-1.el10_2.s390x.rpm SHA-256: 25ff0ac3d2150f1f0b852b559d60b00c449e48d1aad6e27e3d6a053952b44f21 dotnet-hostfxr-8.0-8.0.27-1.el10_2.s390x.rpm SHA-256: 789bd07f879c7b4a2a70b9f6820fd14c2041e26a50541d332ddf1bb8c59b2670 dotnet-hostfxr-8.0-debuginfo-8.0.27-1.el10_2.s390x.rpm SHA-256: fb397e83f2a38b5cd61732cac157f78cd135e74bc6034a2d906cddf1b1f45061 dotnet-runtime-8.0-8.0.27-1.el10_2.s390x.rpm SHA-256: 2b6302fef465408b447e4d13f78a2d433ae2928992dfb75275fa4ea388922085 dotnet-runtime-8.0-debuginfo-8.0.27-1.el10_2.s390x.rpm SHA-256: 2e52368d6775a5e58a0384e5b1712edd1b17cfa9696080f2a0c59d436567a314 dotnet-runtime-dbg-8.0-8.0.27-1.el10_2.s390x.rpm SHA-256: c6abe137f8dc3346997011d1e837823628b2bc06d6492a854e6d7f135c7d0fc7 dotnet-sdk-8.0-8.0.127-1.el10_2.s390x.rpm SHA-256: 1a7a901236edd4a37d25db0ad8645c71cec0cb03e5121cc123e1e027a1ad704e dotnet-sdk-8.0-debuginfo-8.0.127-1.el10_2.s390x.rpm SHA-256: 19d05cbca773bf124dee1a47abddbca1dc138ef7f8461d9adaeda33781e0d8ba dotnet-sdk-dbg-8.0-8.0.127-1.el10_2.s390x.rpm SHA-256: 254cdb1912781723ed6a72f6ff84f38c416fd1b12496a57aeea0c7e7fced5105 dotnet-targeting-pack-8.0-8.0.27-1.el10_2.s390x.rpm SH