Changeflow GovPing Vulnerability Alerts Microsoft ASP.NET/.NET Vulnerabilities Advisory
Priority review Notice Amended Final

Microsoft ASP.NET/.NET Vulnerabilities Advisory

Favicon for wid.cert-bund.de CERT-Bund Security Advisories
Published March 13th, 2026
Detected March 13th, 2026
Email

Summary

This advisory updates information on multiple vulnerabilities in Microsoft ASP.NET and .NET, with a CVSS Base Score of 7.8. The update includes affected products on Ubuntu, Oracle, and Red Hat Linux, in addition to previously listed Microsoft ASP.NET Core and .NET versions.

View original document View source feed page

What changed

This advisory provides an update regarding multiple vulnerabilities in Microsoft ASP.NET and .NET, rated with a CVSS Base Score of 7.8. The update specifically includes affected operating systems such as Ubuntu Linux, Oracle Linux, and RESF Rocky Linux, alongside Red Hat Enterprise Linux, and various versions of Microsoft ASP.NET Core and .NET. The vulnerabilities can be exploited by local or remote attackers to gain administrative privileges or cause a denial-of-service condition.

Organizations utilizing the affected Microsoft products and Linux distributions should review the advisory for specific version information and apply available mitigations or patches immediately. Failure to address these vulnerabilities could lead to system compromise, data breaches, or service disruptions. While no specific compliance deadline is stated, prompt action is crucial to maintain system security and prevent potential attacks.

What to do next

  1. Review affected Microsoft ASP.NET and .NET versions and associated Linux distributions.
  2. Apply available security patches and mitigations provided by Microsoft and Linux vendors.
  3. Assess potential impact of vulnerabilities on internal systems and data.

Source document (simplified)

[WID-SEC-2026-0657] Microsoft ASP.NET und .NET: Mehrere Schwachstellen CVSS Base Score 7.8 (hoch) CVSS Temporal Score 6.8 (mittel) Remoteangriff nein Datum 10.03.2026 Stand UPDATE 13.03.2026 Mitigation ja

Betroffene Systeme

Betriebssystem

  • Windows

Produktbeschreibung

Microsoft ASP.NET (Active Server Pages .NET) ist eine Technologie zum Erstellen dynamischer Webseiten, Webanwendungen und Webservices auf Basis des Microsoft .NET-Frameworks.

Produkte

UPDATE 12.03.2026
- Ubuntu Linux

  • Oracle Linux

  • RESF Rocky Linux
    UPDATE 11.03.2026

  • Red Hat Enterprise Linux
    10.03.2026

  • Microsoft ASP.NET Core 8.0

  • Microsoft ASP.NET Core 9.0

  • Microsoft ASP.NET Core 10.0

  • Microsoft .NET 10.0

  • Microsoft .NET 9.0

Angriff

Angriff

Ein lokaler. oder ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Microsoft ASP.NET und Microsoft .NET ausnutzen, um Administratorrechte zu erlangen oder um einen Denial-of-Service-Zustand zu verursachen. CVE Informationen Versionshistorie Feedback zum Advisory geben

Related changes

Favicon for www.gov.uk Humanitarian Assistance Exception Notification for Petroleum Products
Priority review Mar 13, 2026 OFSI All Publications Trade & Export
Favicon for www.apra.gov.au APRA Releases Quarterly ADI Statistics for December 2025
Routine Mar 13, 2026 news-and-publications Government
Favicon for www.apra.gov.au APRA Statement on Gender Pay Gap
Routine Mar 13, 2026 news-and-publications Government
Favicon for www.cisa.gov CISA Adds Two Exploited Vulnerabilities to KEV Catalog
Priority review Mar 13, 2026 CISA ICS-CERT Advisories Government
Favicon for www.cisa.gov CISA: Ignition Software Vulnerable to Code Execution
Priority review Mar 13, 2026 CISA ICS-CERT Advisories Government
Favicon for www.gao.gov GAO Report on DOD Cybersecurity Maturity Model Certification Program
Priority review Mar 13, 2026 GAO Reports & Testimonies Government Accountability

Source

Favicon for wid.cert-bund.de
CERT-Bund Security Advisories wid.cert-bund.de/content/public/securityAdvisory/rss
Vulnerability Alerts
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
Various
Published
March 13th, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive

Who this affects

Applies to
Technology companies
Geographic scope
International

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Topics
Software Vulnerabilities System Administration

Browse Categories

Federal Courts 26 State Courts 91 Securities Regulation 6 Financial Regulation 43 Consumer Protection 5 Drug Safety 45 Data Protection 21 Competition 2 Attorneys General 3 Insurance Regulation 5 Trade & Export 36 Legislation 42 Energy Regulation 13 Environment 3 Labor & Employment 2 Tax 1

Get Vulnerability Alerts alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when CERT-Bund Security Advisories publishes new changes.

Free. Unsubscribe anytime.