CVE-2026-42899 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 63%

Affected Products (NVD)

Vendor	Product	Version
microsoft	.net	8.0.0 ≤ 𝑥 < 8.0.27
microsoft	.net	9.0.0 ≤ 𝑥 < 9.0.16
microsoft	.net	10.0.0 ≤ 𝑥 < 10.0.8

𝑥

= Vulnerable software versions

Red Hat Enterprise Linux Releases

Red Hat Product

Release

aspnetcore-runtime-10.0

RHEL 8	0:10.0.8-1.el8_10 fixed
RHEL 9	0:10.0.8-1.el9_8 fixed

aspnetcore-runtime-8.0

RHEL 8	0:8.0.27-1.el8_10 fixed
RHEL 9	0:8.0.27-1.el9_8 fixed

aspnetcore-runtime-9.0

RHEL 8	0:9.0.16-1.el8_10 fixed
RHEL 9	0:9.0.16-1.el9_8 fixed

aspnetcore-runtime-dbg-10.0

RHEL 8	0:10.0.8-1.el8_10 fixed
RHEL 9	0:10.0.8-1.el9_8 fixed

aspnetcore-runtime-dbg-8.0

RHEL 8	0:8.0.27-1.el8_10 fixed
RHEL 9	0:8.0.27-1.el9_8 fixed

aspnetcore-runtime-dbg-9.0

RHEL 8	0:9.0.16-1.el8_10 fixed
RHEL 9	0:9.0.16-1.el9_8 fixed

aspnetcore-targeting-pack-10.0

RHEL 8	0:10.0.8-1.el8_10 fixed
RHEL 9	0:10.0.8-1.el9_8 fixed

aspnetcore-targeting-pack-8.0

RHEL 8	0:8.0.27-1.el8_10 fixed
RHEL 9	0:8.0.27-1.el9_8 fixed

aspnetcore-targeting-pack-9.0

RHEL 8	0:9.0.16-1.el8_10 fixed
RHEL 9	0:9.0.16-1.el9_8 fixed

dotnet

RHEL 8

0:10.0.108-1.el8_10

fixed

dotnet-apphost-pack-10.0

RHEL 8	0:10.0.8-1.el8_10 fixed
RHEL 9	0:10.0.8-1.el9_8 fixed

dotnet-apphost-pack-8.0

RHEL 8	0:8.0.27-1.el8_10 fixed
RHEL 9	0:8.0.27-1.el9_8 fixed

dotnet-apphost-pack-9.0

RHEL 8	0:9.0.16-1.el8_10 fixed
RHEL 9	0:9.0.16-1.el9_8 fixed

dotnet-host

RHEL 8	0:10.0.8-1.el8_10 fixed
RHEL 9	0:10.0.8-1.el9_8 fixed

dotnet-hostfxr-10.0

RHEL 8	0:10.0.8-1.el8_10 fixed
RHEL 9	0:10.0.8-1.el9_8 fixed

dotnet-hostfxr-8.0

RHEL 8	0:8.0.27-1.el8_10 fixed
RHEL 9	0:8.0.27-1.el9_8 fixed

dotnet-hostfxr-9.0

RHEL 8	0:9.0.16-1.el8_10 fixed
RHEL 9	0:9.0.16-1.el9_8 fixed

dotnet-runtime-10.0

RHEL 8	0:10.0.8-1.el8_10 fixed
RHEL 9	0:10.0.8-1.el9_8 fixed

dotnet-runtime-8.0

RHEL 8	0:8.0.27-1.el8_10 fixed
RHEL 9	0:8.0.27-1.el9_8 fixed

dotnet-runtime-9.0

RHEL 8	0:9.0.16-1.el8_10 fixed
RHEL 9	0:9.0.16-1.el9_8 fixed

dotnet-runtime-dbg-10.0

RHEL 8	0:10.0.8-1.el8_10 fixed
RHEL 9	0:10.0.8-1.el9_8 fixed

dotnet-runtime-dbg-8.0

RHEL 8	0:8.0.27-1.el8_10 fixed
RHEL 9	0:8.0.27-1.el9_8 fixed

dotnet-runtime-dbg-9.0

RHEL 8	0:9.0.16-1.el8_10 fixed
RHEL 9	0:9.0.16-1.el9_8 fixed

dotnet-sdk-10.0

RHEL 8	0:10.0.108-1.el8_10 fixed
RHEL 9	0:10.0.108-1.el9_8 fixed

dotnet-sdk-10.0-source-built-artifacts

RHEL 8	0:10.0.108-1.el8_10 fixed
RHEL 9	0:10.0.108-1.el9_8 fixed

dotnet-sdk-8.0

RHEL 8	0:8.0.127-1.el8_10 fixed
RHEL 9	0:8.0.127-1.el9_8 fixed

dotnet-sdk-8.0-source-built-artifacts

RHEL 8	0:8.0.127-1.el8_10 fixed
RHEL 9	0:8.0.127-1.el9_8 fixed

dotnet-sdk-9.0

RHEL 8	0:9.0.117-1.el8_10 fixed
RHEL 9	0:9.0.117-1.el9_8 fixed

dotnet-sdk-9.0-source-built-artifacts

RHEL 8	0:9.0.117-1.el8_10 fixed
RHEL 9	0:9.0.117-1.el9_8 fixed

dotnet-sdk-aot-10.0

RHEL 8	0:10.0.108-1.el8_10 fixed
RHEL 9	0:10.0.108-1.el9_8 fixed

dotnet-sdk-aot-9.0

RHEL 8	0:9.0.117-1.el8_10 fixed
RHEL 9	0:9.0.117-1.el9_8 fixed

dotnet-sdk-dbg-10.0

RHEL 8	0:10.0.108-1.el8_10 fixed
RHEL 9	0:10.0.108-1.el9_8 fixed

dotnet-sdk-dbg-8.0

RHEL 8	0:8.0.127-1.el8_10 fixed
RHEL 9	0:8.0.127-1.el9_8 fixed

dotnet-sdk-dbg-9.0

RHEL 8	0:9.0.117-1.el8_10 fixed
RHEL 9	0:9.0.117-1.el9_8 fixed

dotnet-targeting-pack-10.0

RHEL 8	0:10.0.8-1.el8_10 fixed
RHEL 9	0:10.0.8-1.el9_8 fixed

dotnet-targeting-pack-8.0

RHEL 8	0:8.0.27-1.el8_10 fixed
RHEL 9	0:8.0.27-1.el9_8 fixed

dotnet-targeting-pack-9.0

RHEL 8	0:9.0.16-1.el8_10 fixed
RHEL 9	0:9.0.16-1.el9_8 fixed

dotnet-templates-10.0

RHEL 8	0:10.0.108-1.el8_10 fixed
RHEL 9	0:10.0.108-1.el9_8 fixed

dotnet-templates-8.0

RHEL 8	0:8.0.127-1.el8_10 fixed
RHEL 9	0:8.0.127-1.el9_8 fixed

dotnet-templates-9.0

RHEL 8	0:9.0.117-1.el8_10 fixed
RHEL 9	0:9.0.117-1.el9_8 fixed

netstandard-targeting-pack-2.1

RHEL 8	0:9.0.117-1.el8_10 fixed
RHEL 9	0:9.0.117-1.el9_8 fixed

Amazon Linux Releases

Amazon Package

Release

aspnetcore-runtime-10.0

Amazon Linux 2023

0:10.0.8-1.amzn2023.0.1

fixed

aspnetcore-runtime-8.0

Amazon Linux 2023

0:8.0.27-1.amzn2023.0.1

fixed

aspnetcore-runtime-9.0

Amazon Linux 2023

0:9.0.16-1.amzn2023.0.2

fixed

aspnetcore-runtime-dbg-10.0

Amazon Linux 2023

0:10.0.8-1.amzn2023.0.1

fixed

aspnetcore-runtime-dbg-8.0

Amazon Linux 2023

0:8.0.27-1.amzn2023.0.1

fixed

aspnetcore-runtime-dbg-9.0

Amazon Linux 2023

0:9.0.16-1.amzn2023.0.2

fixed

aspnetcore-targeting-pack-10.0

Amazon Linux 2023

0:10.0.8-1.amzn2023.0.1

fixed

aspnetcore-targeting-pack-8.0

Amazon Linux 2023

0:8.0.27-1.amzn2023.0.1

fixed

aspnetcore-targeting-pack-9.0

Amazon Linux 2023

0:9.0.16-1.amzn2023.0.2

fixed

dotnet

Amazon Linux 2023

0:8.0.127-1.amzn2023.0.1

fixed

dotnet-apphost-pack-10.0

Amazon Linux 2023

0:10.0.8-1.amzn2023.0.1

fixed

dotnet-apphost-pack-10.0-debuginfo

Amazon Linux 2023

0:10.0.8-1.amzn2023.0.1

fixed

dotnet-apphost-pack-8.0

Amazon Linux 2023

0:8.0.27-1.amzn2023.0.1

fixed

dotnet-apphost-pack-8.0-debuginfo

Amazon Linux 2023

0:8.0.27-1.amzn2023.0.1

fixed

dotnet-apphost-pack-9.0

Amazon Linux 2023

0:9.0.16-1.amzn2023.0.2

fixed

dotnet-apphost-pack-9.0-debuginfo

Amazon Linux 2023

0:9.0.16-1.amzn2023.0.2

fixed

dotnet-host

Amazon Linux 2023

0:8.0.27-1.amzn2023.0.1

fixed

dotnet-host-debuginfo

Amazon Linux 2023

0:8.0.27-1.amzn2023.0.1

fixed

dotnet-hostfxr-10.0

Amazon Linux 2023

0:10.0.8-1.amzn2023.0.1

fixed

dotnet-hostfxr-10.0-debuginfo

Amazon Linux 2023

0:10.0.8-1.amzn2023.0.1

fixed

dotnet-hostfxr-8.0

Amazon Linux 2023

0:8.0.27-1.amzn2023.0.1

fixed

dotnet-hostfxr-8.0-debuginfo

Amazon Linux 2023

0:8.0.27-1.amzn2023.0.1

fixed

dotnet-hostfxr-9.0

Amazon Linux 2023

0:9.0.16-1.amzn2023.0.2

fixed

dotnet-hostfxr-9.0-debuginfo

Amazon Linux 2023

0:9.0.16-1.amzn2023.0.2

fixed

dotnet-runtime-10.0

Amazon Linux 2023

0:10.0.8-1.amzn2023.0.1

fixed

dotnet-runtime-10.0-debuginfo

Amazon Linux 2023

0:10.0.8-1.amzn2023.0.1

fixed

dotnet-runtime-8.0

Amazon Linux 2023

0:8.0.27-1.amzn2023.0.1

fixed

dotnet-runtime-8.0-debuginfo

Amazon Linux 2023

0:8.0.27-1.amzn2023.0.1

fixed

dotnet-runtime-9.0

Amazon Linux 2023

0:9.0.16-1.amzn2023.0.2

fixed

dotnet-runtime-9.0-debuginfo

Amazon Linux 2023

0:9.0.16-1.amzn2023.0.2

fixed

dotnet-runtime-dbg-10.0

Amazon Linux 2023

0:10.0.8-1.amzn2023.0.1

fixed

dotnet-runtime-dbg-8.0

Amazon Linux 2023

0:8.0.27-1.amzn2023.0.1

fixed

dotnet-runtime-dbg-9.0

Amazon Linux 2023

0:9.0.16-1.amzn2023.0.2

fixed

dotnet-sdk-10.0

Amazon Linux 2023

0:10.0.108-1.amzn2023.0.1

fixed

dotnet-sdk-10.0-debuginfo

Amazon Linux 2023

0:10.0.108-1.amzn2023.0.1

fixed

dotnet-sdk-10.0-source-built-artifacts

Amazon Linux 2023

0:10.0.108-1.amzn2023.0.1

fixed

dotnet-sdk-8.0

Amazon Linux 2023

0:8.0.127-1.amzn2023.0.1

fixed

dotnet-sdk-8.0-debuginfo

Amazon Linux 2023

0:8.0.127-1.amzn2023.0.1

fixed

dotnet-sdk-8.0-source-built-artifacts

Amazon Linux 2023

0:8.0.127-1.amzn2023.0.1

fixed

dotnet-sdk-9.0

Amazon Linux 2023

0:9.0.117-1.amzn2023.0.2

fixed

dotnet-sdk-9.0-debuginfo

Amazon Linux 2023

0:9.0.117-1.amzn2023.0.2

fixed

dotnet-sdk-9.0-source-built-artifacts

Amazon Linux 2023

0:9.0.117-1.amzn2023.0.2

fixed

dotnet-sdk-aot-10.0

Amazon Linux 2023

0:10.0.108-1.amzn2023.0.1

fixed

dotnet-sdk-aot-10.0-debuginfo

Amazon Linux 2023

0:10.0.108-1.amzn2023.0.1

fixed

dotnet-sdk-aot-9.0

Amazon Linux 2023

0:9.0.117-1.amzn2023.0.2

fixed

dotnet-sdk-aot-9.0-debuginfo

Amazon Linux 2023

0:9.0.117-1.amzn2023.0.2

fixed

dotnet-sdk-dbg-10.0

Amazon Linux 2023

0:10.0.108-1.amzn2023.0.1

fixed

dotnet-sdk-dbg-8.0

Amazon Linux 2023

0:8.0.127-1.amzn2023.0.1

fixed

dotnet-sdk-dbg-9.0

Amazon Linux 2023

0:9.0.117-1.amzn2023.0.2

fixed

dotnet-targeting-pack-10.0

Amazon Linux 2023

0:10.0.8-1.amzn2023.0.1

fixed

dotnet-targeting-pack-8.0

Amazon Linux 2023

0:8.0.27-1.amzn2023.0.1

fixed

dotnet-targeting-pack-9.0

Amazon Linux 2023

0:9.0.16-1.amzn2023.0.2

fixed

dotnet-templates-10.0

Amazon Linux 2023

0:10.0.108-1.amzn2023.0.1

fixed

dotnet-templates-8.0

Amazon Linux 2023

0:8.0.127-1.amzn2023.0.1

fixed

dotnet-templates-9.0

Amazon Linux 2023

0:9.0.117-1.amzn2023.0.2

fixed

dotnet10.0-debuginfo

Amazon Linux 2023

0:10.0.108-1.amzn2023.0.1

fixed

dotnet10.0-debugsource

Amazon Linux 2023

0:10.0.108-1.amzn2023.0.1

fixed

dotnet8.0-debuginfo

Amazon Linux 2023

0:8.0.127-1.amzn2023.0.1

fixed

dotnet8.0-debugsource

Amazon Linux 2023

0:8.0.127-1.amzn2023.0.1

fixed

dotnet9.0-debugsource

Amazon Linux 2023

0:9.0.117-1.amzn2023.0.2

fixed

netstandard-targeting-pack-2.1

Amazon Linux 2023

0:8.0.127-1.amzn2023.0.1

fixed

Common Weakness Enumeration

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42899