Ubuntu 25.10 DoS Fix for .NET 10.0 8085-1 CVE-2026-26127, 2026-26130

ubuntu

March 12, 2026

Several security issues were fixed in .NET.

Summary

Several security issues were fixed in .NET.

Software Description:

- dotnet10: .NET CLI tools and runtime

- dotnet8: .NET CLI tools and runtime

- dotnet9: .NET CLI tools and runtime

Details:

It was discovered that the .NET Microsoft.Bcl.Memory NuGet package did not

properly handle certain malformed Base64Url encoded input. An attacker could

possibly use this issue to cause .NET to crash, resulting in a denial of

service. This issue only affected .NET 9.0 and .NET 10.0. (CVE-2026-26127)

Bart\u0142omiej Dach discovered that .NET's SignalR server component did not

properly manage resource consumption when processing certain messages. An

attacker could possibly use this issue to exhaust internal buffers, resulting

in a denial of service. (CVE-2026-26130)

Topics Covered

security advisory denial of service Ubuntu vulnerability important dotnet

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  aspnetcore-runtime-10.0         10.0.4-0ubuntu1~25.10.1
  aspnetcore-runtime-8.0          8.0.25-0ubuntu1~25.10.1
  aspnetcore-runtime-9.0          9.0.14-0ubuntu1~25.10.1
  dotnet-host-10.0                10.0.4-0ubuntu1~25.10.1
  dotnet-host-8.0                 8.0.25-0ubuntu1~25.10.1
  dotnet-host-9.0                 9.0.14-0ubuntu1~25.10.1
  dotnet-hostfxr-10.0             10.0.4-0ubuntu1~25.10.1
  dotnet-hostfxr-8.0              8.0.25-0ubuntu1~25.10.1
  dotnet-hostfxr-9.0              9.0.14-0ubuntu1~25.10.1
  dotnet-runtime-10.0             10.0.4-0ubuntu1~25.10.1
  dotnet-runtime-8.0              8.0.25-0ubuntu1~25.10.1
  dotnet-runtime-9.0              9.0.14-0ubuntu1~25.10.1
  dotnet-sdk-10.0                 10.0.104-0ubuntu1~25.10.1
  dotnet-sdk-8.0                  8.0.125-0ubuntu1~25.10.1
  dotnet-sdk-9.0                  9.0.115-0ubuntu1~25.10.1
  dotnet-sdk-aot-10.0             10.0.104-0ubuntu1~25.10.1
  dotnet-sdk-aot-9.0              9.0.115-0ubuntu1~25.10.1
  dotnet10                        10.0.104-10.0.4-0ubuntu1~25.10.1
  dotnet8                         8.0.125-8.0.25-0ubuntu1~25.10.1
  dotnet9                         9.0.115-9.0.14-0ubuntu1~25.10.1

Ubuntu 24.04 LTS
  aspnetcore-runtime-10.0         10.0.4-0ubuntu1~24.04.1
  aspnetcore-runtime-8.0          8.0.25-0ubuntu1~24.04.1
  dotnet-host-10.0                10.0.4-0ubuntu1~24.04.1
  dotnet-host-8.0                 8.0.25-0ubuntu1~24.04.1
  dotnet-hostfxr-10.0             10.0.4-0ubuntu1~24.04.1
  dotnet-hostfxr-8.0              8.0.25-0ubuntu1~24.04.1
  dotnet-runtime-10.0             10.0.4-0ubuntu1~24.04.1
  dotnet-runtime-8.0              8.0.25-0ubuntu1~24.04.1
  dotnet-sdk-10.0                 10.0.104-0ubuntu1~24.04.1
  dotnet-sdk-8.0                  8.0.125-0ubuntu1~24.04.1
  dotnet-sdk-aot-10.0             10.0.104-0ubuntu1~24.04.1
  dotnet10                        10.0.104-10.0.4-0ubuntu1~24.04.1
  dotnet8                         8.0.125-8.0.25-0ubuntu1~24.04.1

Ubuntu 22.04 LTS
  aspnetcore-runtime-8.0          8.0.25-0ubuntu1~22.04.1
  dotnet-host-8.0                 8.0.25-0ubuntu1~22.04.1
  dotnet-hostfxr-8.0              8.0.25-0ubuntu1~22.04.1
  dotnet-runtime-8.0              8.0.25-0ubuntu1~22.04.1
  dotnet-sdk-8.0                  8.0.125-0ubuntu1~22.04.1
  dotnet8                         8.0.125-8.0.25-0ubuntu1~22.04.1

In general, a standard system update will make all the necessary changes.