EXECUTIVE SUMMARY:
CVE-2026-45591 with a CVSS score of 7.5 is a denial-of-service vulnerability in the ASP.NET Core framework, specifically affecting Microsoft.AspNetCore.App.Runtime and Microsoft.AspNetCore.SignalR.Protocols.MessagePack packages across multiple platforms, including Linux, Windows, and macOS. The flaw can be exploited by sending deeply nested MessagePack arrays over a network, triggering a stack overflow during message processing. The vulnerability requires no privileges or user interaction and has a high impact on availability, enabling attackers to disrupt affected services. Successful exploitation may result in significant business consequences, including interruption of critical operations and service outages. The attack vector is network-based, and the attack complexity is low.[/subscribe_to_unlock_form]
EXECUTIVE SUMMARY:
CVE-2026-45591 with a CVSS score of 7.5 is a denial-of-service vulnerability in the ASP.NET Core framework, specifically affecting Microsoft.AspNetCore.App.Runtime and Microsoft.AspNetCore.SignalR.Protocols.MessagePack packages across multiple platforms, including Linux, Windows, and macOS. The flaw can be exploited by sending deeply nested MessagePack arrays over a network, triggering a stack overflow during message processing. The vulnerability requires no privileges or user interaction and has a high impact on availability, enabling attackers to disrupt affected services. Successful exploitation may result in significant business consequences, including interruption of critical operations and service outages. The attack vector is network-based, and the attack complexity is low.[emaillocker id="1283"]
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details:
https://github.com/advisories/GHSA-f8h2-vmm9-qhj6