{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/asp.net-core-8.0/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":6.2,"id":"CVE-2026-45491"},{"cvss":7.5,"id":"CVE-2026-45591"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":[".NET 10.0",".NET 8.0",".NET 9.0","ASP.NET Core 10.0","ASP.NET Core 8.0","ASP.NET Core 9.0"],"_cs_severities":["medium"],"_cs_tags":["vulnerability","denial-of-service","data-integrity","dotnet","microsoft"],"_cs_type":"advisory","_cs_vendors":["Microsoft"],"content_html":"\u003cp\u003eOn June 10, 2026, the CERT-FR issued an advisory detailing multiple vulnerabilities, CVE-2026-45491 and CVE-2026-45591, affecting various versions of Microsoft .Net and ASP.NET Core. These vulnerabilities enable a remote attacker to achieve a denial of service (DoS) state, rendering applications and services unavailable, and to compromise the integrity of data processed by vulnerable applications. The affected scope is broad, encompassing .Net 8.0, 9.0, and 10.0, as well as ASP.NET Core 8.0, 9.0, and 10.0, running on Windows, Linux, and macOS environments. These flaws pose a significant risk to organizations relying on vulnerable .Net applications, as they can lead to operational disruption and untrusted data, underscoring the importance of prompt patching.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a public-facing application or service built with a vulnerable Microsoft .Net or ASP.NET Core version (e.g., .NET 10.0 \u0026lt; 10.0.9, ASP.NET Core 8.0 \u0026lt; 8.0.28).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious input or request specifically designed to exploit CVE-2026-45491 or CVE-2026-45591, targeting the application's processing logic.\u003c/li\u003e\n\u003cli\u003eThe vulnerable .Net or ASP.NET Core runtime processes the malformed data, triggering the vulnerability.\u003c/li\u003e\n\u003cli\u003eFor denial of service (DoS) attacks, the vulnerability causes the application or underlying service to crash, hang, or consume excessive resources, making it unresponsive to legitimate users.\u003c/li\u003e\n\u003cli\u003eFor data integrity compromise, the vulnerability allows unauthorized modification or corruption of data handled by the application, potentially leading to incorrect computations, unauthorized state changes, or other forms of data manipulation.\u003c/li\u003e\n\u003cli\u003eThe application either becomes unavailable, experiences significant performance degradation, or operates with compromised data, directly impacting business operations and trust.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of these vulnerabilities can lead to significant operational disruption and data reliability issues. A remote denial of service attack can render critical applications and services inaccessible, leading to financial losses, reputational damage, and inability to conduct business. Data integrity compromise can result in corrupted databases, inaccurate financial records, or manipulated user data, undermining trust and potentially leading to compliance violations or incorrect decision-making. While specific victim counts or targeted sectors are not detailed, any organization utilizing affected .Net or ASP.NET Core versions is at risk, particularly those with internet-facing applications.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately apply the security updates provided by Microsoft for all affected .NET and ASP.NET Core versions as referenced in the CERTFR-2026-AVI-0729 advisory and the MSRC bulletins for CVE-2026-45491 and CVE-2026-45591.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rules to your SIEM/EDR to detect potential exploitation attempts or post-exploitation activities related to the observed vulnerabilities.\u003c/li\u003e\n\u003cli\u003eEnable comprehensive logging for web servers (like IIS or Kestrel) and application runtimes (\u003ccode\u003edotnet.exe\u003c/code\u003e process creation) to capture anomalies that the rules are designed to detect.\u003c/li\u003e\n\u003cli\u003eMonitor for excessive 5xx HTTP status codes in web server logs, which can indicate ongoing denial of service attempts or application crashes as per the \u003ccode\u003eDetect Excessive Web Server 5xx Errors\u003c/code\u003e rule.\u003c/li\u003e\n\u003cli\u003eEnable process creation logging, especially for \u003ccode\u003edotnet.exe\u003c/code\u003e or \u003ccode\u003ew3wp.exe\u003c/code\u003e, to detect suspicious child processes as per the \u003ccode\u003eDetect Suspicious Child Process from Dotnet Host\u003c/code\u003e rule.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-06-14T09:19:42Z","date_published":"2026-06-14T09:19:42Z","id":"https://feed.craftedsignal.io/briefs/2026-06-microsoft-dotnet-vulns/","summary":"Multiple vulnerabilities, CVE-2026-45491 and CVE-2026-45591, have been discovered in Microsoft .Net and ASP.NET Core versions, allowing a remote attacker to cause a denial of service and compromise data integrity across Windows, Linux, and macOS platforms.","title":"Multiple Vulnerabilities in Microsoft .Net (CVE-2026-45491, CVE-2026-45591)","url":"https://feed.craftedsignal.io/briefs/2026-06-microsoft-dotnet-vulns/"}],"language":"en","title":"CraftedSignal Threat Feed - ASP.NET Core 8.0","version":"https://jsonfeed.org/version/1.1"}