Brennan Conroy

1 exploit Active since Mar 2026
CVE-2026-25667 WRITEUP HIGH WRITEUP
.NET 8.0.0-8.0.21 and 9.0.0-9.0.10 - Uncontrolled Resource Consumption via Crafted QUIC Packet
ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing.
CVSS 7.5