dotnet-sdk-9.0 (AlmaLinux:8) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:8 package dotnet-sdk-9.0, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (19)
CVE-2025-55315 — CVSS 9.9 (critical): Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a…
CVE-2025-26646 — CVSS 8.0 (high): External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform…
CVE-2026-45591 — CVSS 7.5 (high): Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network.
CVE-2026-32178 — CVSS 7.5 (high): Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-32203 — CVSS 7.5 (high): Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.
CVE-2026-33116 — CVSS 7.5 (high): Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny…
CVE-2026-42899 — CVSS 7.5 (high): Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.
CVE-2026-26130 — CVSS 7.5 (high): Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
CVE-2026-26171 — CVSS 7.5 (high): Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.
CVE-2025-55247 — CVSS 7.3 (high): Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally.
CVE-2025-24070 — CVSS 7.0 (high): Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-45491 — CVSS 6.2 (medium): Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally.
CVE-2025-55248 — CVSS 4.8 (medium): Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.