Vulnerability DatabaseCVE-2021-26423

CVE-2021-26423:
vulnerability analysis and mitigation

Overview

CVE-2021-26423 is a vulnerability affecting ASP.NET Core and Visual Studio that was discovered in early 2021. The vulnerability is related to WebSocket frame processing in ASP.NET Core applications that could lead to a Denial of Service condition (Red Hat CVE).

Technical details

The vulnerability stems from an infinite loop error in ASP.NET when processing WebSocket frames. This technical issue affects .NET Core implementations, specifically version 3.1 up to 3.1.18 (Red Hat Advisory).

Impact

When exploited, this vulnerability can cause high CPU resource consumption, potentially leading to a Denial of Service condition in affected systems (Red Hat CVE).

Mitigation and workarounds

The vulnerability has been addressed through security updates. Users should upgrade to .NET SDK 3.1.118 and .NET Runtime 3.1.18 or later versions to mitigate this vulnerability (Red Hat Advisory).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a Wiz customer? See which CVEs are exploitable in your environment.

Get a CVE Assessment

7.5

Score

Published August 12, 2021

Severity HIGH

CNA Score 7.5

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 84.7

Exploitation Probability (EPSS) 2.4

Affected packages and libraries

Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64
aspnetcore-runtime-5.0

Sources

GitHub Advisory Database
- NuGet Severity HIGHHas FixAdded at: Oct 25, 2022
Photon Security Advisory
- Photon 4.0 Severity HIGHHas FixAdded at: Jun 15, 2025
Red Hat Errata
- Red Hat 8 Severity HIGHHas FixAdded at: Nov 23, 2021
Rocky Linux Product Errata
- Rocky 8 Severity HIGHHas FixAdded at: May 14, 2023
NVD
- Linux Severity HIGHHas FixAdded at: Nov 23, 2021
- Windows Severity HIGHHas FixAdded at: Nov 23, 2021