PatchSiren cyber security CVE debrief
CVE-2026-45646 Microsoft CVE debrief
CVE-2026-45646 is a HIGH severity vulnerability in ASP.NET Core that allows an unauthorized attacker to deny service over a network. The CVE record was published on 2026-07-14T17:16:49.253Z and has not been modified since then. This vulnerability is caused by the allocation of resources without limits or throttling, which can lead to a denial of service attack. Security teams and developers using ASP.NET Core should be aware of this vulnerability and take necessary actions to mitigate it. The vulnerability has a CVSS score of 7.5 with a severity of HIGH.
- Vendor
- Microsoft
- Product
- AspNet.OData
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-14
- Original CVE updated
- 2026-07-16
- Advisory published
- 2026-07-14
- Advisory updated
- 2026-07-16
Who should care
Security teams and developers using ASP.NET Core should be aware of this vulnerability and take necessary actions to mitigate it. This includes reviewing and applying patches or updates for ASP.NET Core, implementing rate limiting and resource throttling, and monitoring for suspicious traffic and anomalies. The vulnerability has a high impact on the security of ASP.NET Core deployments.
Technical summary
The vulnerability is caused by allocation of resources without limits or throttling in ASP.NET Core, allowing an unauthorized attacker to deny service over a network. The CVSS score is 7.5 with a severity of HIGH. This vulnerability affects ASP.NET Core and can be exploited by an attacker to cause a denial of service. The vulnerability has not been modified since its publication on 2026-07-14T17:16:49.253Z.
Defensive priority
High priority should be given to patching or mitigating this vulnerability to prevent potential denial of service attacks.
Recommended defensive actions
- Review and apply patches or updates for ASP.NET Core
- Implement rate limiting and resource throttling
- Monitor for suspicious traffic and anomalies
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
Evidence notes
The CVE record and NVD detail provide information on the vulnerability, but further analysis is needed to determine the full scope of affected systems and potential impact. The vulnerability has not been modified since its publication on 2026-07-14T17:16:49.253Z. The evidence is limited to the information provided in the CVE record and NVD detail.
Official resources
-
CVE-2026-45646 CVE record
CVE.org
-
CVE-2026-45646 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T17:16:49.253Z and has not been modified since then.