CVE-2026-56170
Publication date 14 July 2026
Last updated 17 July 2026
Ubuntu priority
Description
A denial of service vulnerability exists in ASP.NET Core SignalR in .NET 8, .NET 9, and .NET 10. Stateful reconnect can be leveraged by an attacker to deny service to other users.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| dotnet6 | 26.04 LTS resolute | Not in release |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy |
Vulnerable, fix deferred
|
|
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| dotnet7 | 26.04 LTS resolute | Not in release |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Ignored see notes | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| dotnet8 | 26.04 LTS resolute | Not in release |
| 24.04 LTS noble |
Fixed 8.0.126-8.0.26-0ubuntu1~24.04.1
|
|
| 22.04 LTS jammy |
Fixed 8.0.126-8.0.26-0ubuntu1~22.04.1
|
|
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| dotnet9 | 26.04 LTS resolute | Not in release |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| dotnet10 | 26.04 LTS resolute |
Fixed 10.0.107-10.0.7-0ubuntu1~26.04.1
|
| 24.04 LTS noble |
Fixed 10.0.106-10.0.6-0ubuntu1~24.04.1
|
|
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release |
Notes
iconstantin
.NET 7 is end of life upstream.
mdeslaur
Marking .NET 6 as deferred until information is available to determine if it is impacted.