SB2026042923 - Ubuntu update for dotnet10




Published: April 29, 2026

Security Bulletin ID: SB2026042923
Severity: High
Patch available: YES
Number of vulnerabilities: 5
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

High: 20%
Medium: 80%

Description

This security bulletin contains information about 5 security vulnerabilities.


1) Infinite loop (CVE-ID: CVE-2026-33116)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop in .NET, .NET Framework, and Visual Studio. A remote attacker can consume all available system resources and cause denial of service conditions.


2) Resource exhaustion (CVE-ID: CVE-2026-26171)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the application does not properly control consumption of internal resources in .NET. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


3) Stack-based buffer overflow (CVE-ID: CVE-2026-32203)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in .NET and Visual Studio. A remote unauthenticated attacker can trigger a stack-based buffer overflow and cause a denial of service condition on the target system.


4) Improper Neutralization of Special Elements (CVE-ID: CVE-2026-32178)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to improper neutralization of special elements in .NET. A remote attacker can perform a spoofing attack.


5) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2026-40372)

The vulnerability allows a remote attacker to elevate privileges.

The vulnerability exists due to improper verification of a cryptographic signature in Microsoft.AspNetCore.DataProtection when processing cryptographically protected payloads. A remote attacker can send specially crafted data to elevate privileges.

Successful exploitation could result in SYSTEM privileges. The issue affects deployments where the NuGet copy of the library is loaded at runtime, including non-Windows deployments using the vulnerable code path and certain configurations using managed algorithms.


Remediation

Install the update from the vendor's website.