PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-45646 Microsoft CVE debrief

CVE-2026-45646 is a HIGH severity vulnerability in ASP.NET Core that allows an unauthorized attacker to deny service over a network. The CVE record was published on 2026-07-14T17:16:49.253Z and has not been modified since then. This vulnerability is caused by the allocation of resources without limits or throttling, which can lead to a denial of service attack. Security teams and developers using ASP.NET Core should be aware of this vulnerability and take necessary actions to mitigate it. The vulnerability has a CVSS score of 7.5 with a severity of HIGH.

Vendor
Microsoft
Product
AspNet.OData
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-14
Original CVE updated
2026-07-16
Advisory published
2026-07-14
Advisory updated
2026-07-16

Who should care

Security teams and developers using ASP.NET Core should be aware of this vulnerability and take necessary actions to mitigate it. This includes reviewing and applying patches or updates for ASP.NET Core, implementing rate limiting and resource throttling, and monitoring for suspicious traffic and anomalies. The vulnerability has a high impact on the security of ASP.NET Core deployments.

Technical summary

The vulnerability is caused by allocation of resources without limits or throttling in ASP.NET Core, allowing an unauthorized attacker to deny service over a network. The CVSS score is 7.5 with a severity of HIGH. This vulnerability affects ASP.NET Core and can be exploited by an attacker to cause a denial of service. The vulnerability has not been modified since its publication on 2026-07-14T17:16:49.253Z.

Defensive priority

High priority should be given to patching or mitigating this vulnerability to prevent potential denial of service attacks.

Recommended defensive actions

  • Review and apply patches or updates for ASP.NET Core
  • Implement rate limiting and resource throttling
  • Monitor for suspicious traffic and anomalies
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.

Evidence notes

The CVE record and NVD detail provide information on the vulnerability, but further analysis is needed to determine the full scope of affected systems and potential impact. The vulnerability has not been modified since its publication on 2026-07-14T17:16:49.253Z. The evidence is limited to the information provided in the CVE record and NVD detail.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T17:16:49.253Z and has not been modified since then.