The .NET SDK (formerly .NET Core SDK) is a set of libraries and tools that allow developers to create .NET applications and libraries. It should not be confused with its predecessor, the .NET Framework SDK.

.NET SDK

.NET (formerly known as .NET Core in versions below 5.0) is a free, cross-platform, open-source developer platform, not to be confused with its predecessor, the .NET Framework.

.NET Runtime

MinimOS is a minimalist operating system designed for simplicity and efficiency. It aims to provide only essential functionalities, making it lightweight and suitable for resource-constrained environments. MinimOS is often used in embedded systems or as a base for custom operating system development.

MinimOS

ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-26131	HIGH	7.8	C#	dotnet-sdk-10.0	No	Yes	Mar 10, 2026
CVE-2026-25667	HIGH	7.5	.NET SDK	dotnet-9	No	Yes	Mar 19, 2026
CVE-2026-26127	HIGH	7.5	C#	dotnet-runtime-dbg-9.0	No	Yes	Mar 10, 2026
CVE-2026-21218	HIGH	7.5	C#	cpe:2.3:a:microsoft:.net	No	Yes	Feb 10, 2026
CVE-2025-55248	MEDIUM	5.7	C#	dotnet9	No	Yes	Oct 14, 2025

CVE-2026-25667:
.NET SDK vulnerability analysis and mitigation

7.5

Related .NET SDK vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2026-25667: .NET SDK vulnerability analysis and mitigation