dotnet-sdk-9.0-source-built-artifacts (AlmaLinux:10) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:10 package dotnet-sdk-9.0-source-built-artifacts, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (14)
CVE-2025-55315 — CVSS 9.9 (critical): Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a…
CVE-2025-26646 — CVSS 8.0 (high): External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform…
CVE-2026-45591 — CVSS 7.5 (high): Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network.
CVE-2025-30399 — CVSS 7.5 (high): Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
CVE-2026-32203 — CVSS 7.5 (high): Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.
CVE-2026-33116 — CVSS 7.5 (high): Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny…
CVE-2026-42899 — CVSS 7.5 (high): Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.
CVE-2026-26130 — CVSS 7.5 (high): Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
CVE-2026-26171 — CVSS 7.5 (high): Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.
CVE-2026-32178 — CVSS 7.5 (high): Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-55247 — CVSS 7.3 (high): Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally.
CVE-2026-45491 — CVSS 6.2 (medium): Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally.
CVE-2025-55248 — CVSS 4.8 (medium): Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.