Fluid Attacks Database

Description

A flaw was found in dotnet. Improper use of the HTTP/3 protocol allows an unauthorized remote attacker to cause an allocation of resources without limits or throttling in ASP.NET Core, resulting in a denial of service.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package
rpm rhel9	dotnet6.0
rpm rhel9	dotnet7.0

Aliases

1. CVE-2025-266822. NVD-2025-266823. OSV-2025-26682

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.