USN-8176-1: .NET vulnerabilities

Packages

dotnet10 - .NET CLI tools and runtime
dotnet8 - .NET CLI tools and runtime
dotnet9 - .NET CLI tools and runtime

Details

Ludvig Pedersen discovered that the System.Security.Cryptography.Xml
library in .NET incorrectly handled certain XML inputs. An attacker could
possibly use this issue to consume excessive resources, resulting in a
denial of service. (CVE-2026-33116, CVE-2026-26171)

Ludvig Pedersen and Kevin Jones discovered that the
System.Security.Cryptography.Xml library in .NET incorrectly handled
certain XML inputs. An attacker could possibly use this issue to cause
.NET to crash, resulting in a denial of service. (CVE-2026-32203)

Ludvig Pedersen discovered that the System.Net.Mail component in .NET
incorrectly handled certain inputs. An attacker could possibly use this
issue to perform a network spoofing attack. (CVE-2026-32178)

Ludvig Pedersen discovered that the System.Security.Cryptography.Xml
library in .NET incorrectly handled certain XML inputs. An attacker could
possibly use this issue to consume excessive resources, resulting in a
denial of service. (CVE-2026-33116, CVE-2026-26171)

Ludvig Pedersen and Kevin Jones discovered that the
System.Security.Cryptography.Xml library in .NET incorrectly handled
certain XML inputs. An attacker could possibly use this issue to cause
.NET to crash, resulting in a denial of service. (CVE-2026-32203)

Ludvig Pedersen discovered that the System.Net.Mail component in .NET
incorrectly handled certain inputs. An attacker could possibly use this
issue to perform a network spoofing attack. (CVE-2026-32178)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

Ubuntu Release	Package Version
25.10 questing	aspnetcore-runtime-10.0 – 10.0.6-0ubuntu1~25.10.1
	aspnetcore-runtime-8.0 – 8.0.26-0ubuntu1~25.10.1
	aspnetcore-runtime-9.0 – 9.0.15-0ubuntu1~25.10.1
	dotnet-host-10.0 – 10.0.6-0ubuntu1~25.10.1
	dotnet-host-8.0 – 8.0.26-0ubuntu1~25.10.1
	dotnet-host-9.0 – 9.0.15-0ubuntu1~25.10.1
	dotnet-hostfxr-10.0 – 10.0.6-0ubuntu1~25.10.1
	dotnet-hostfxr-8.0 – 8.0.26-0ubuntu1~25.10.1
	dotnet-hostfxr-9.0 – 9.0.15-0ubuntu1~25.10.1
	dotnet-runtime-10.0 – 10.0.6-0ubuntu1~25.10.1
	dotnet-runtime-8.0 – 8.0.26-0ubuntu1~25.10.1
	dotnet-runtime-9.0 – 9.0.15-0ubuntu1~25.10.1
	dotnet-sdk-10.0 – 10.0.106-0ubuntu1~25.10.1
	dotnet-sdk-8.0 – 8.0.126-0ubuntu1~25.10.1
	dotnet-sdk-9.0 – 9.0.116-0ubuntu1~25.10.1
	dotnet-sdk-aot-10.0 – 10.0.106-0ubuntu1~25.10.1
	dotnet-sdk-aot-9.0 – 9.0.116-0ubuntu1~25.10.1
	dotnet10 – 10.0.106-10.0.6-0ubuntu1~25.10.1
	dotnet8 – 8.0.126-8.0.26-0ubuntu1~25.10.1
	dotnet9 – 9.0.116-9.0.15-0ubuntu1~25.10.1
24.04 LTS noble	aspnetcore-runtime-10.0 – 10.0.6-0ubuntu1~24.04.1
	aspnetcore-runtime-8.0 – 8.0.26-0ubuntu1~24.04.1
	dotnet-host-10.0 – 10.0.6-0ubuntu1~24.04.1
	dotnet-host-8.0 – 8.0.26-0ubuntu1~24.04.1
	dotnet-hostfxr-10.0 – 10.0.6-0ubuntu1~24.04.1
	dotnet-hostfxr-8.0 – 8.0.26-0ubuntu1~24.04.1
	dotnet-runtime-10.0 – 10.0.6-0ubuntu1~24.04.1
	dotnet-runtime-8.0 – 8.0.26-0ubuntu1~24.04.1
	dotnet-sdk-10.0 – 10.0.106-0ubuntu1~24.04.1
	dotnet-sdk-8.0 – 8.0.126-0ubuntu1~24.04.1
	dotnet-sdk-aot-10.0 – 10.0.106-0ubuntu1~24.04.1
	dotnet10 – 10.0.106-10.0.6-0ubuntu1~24.04.1
	dotnet8 – 8.0.126-8.0.26-0ubuntu1~24.04.1
22.04 LTS jammy	aspnetcore-runtime-8.0 – 8.0.26-0ubuntu1~22.04.1
	dotnet-host-8.0 – 8.0.26-0ubuntu1~22.04.1
	dotnet-hostfxr-8.0 – 8.0.26-0ubuntu1~22.04.1
	dotnet-runtime-8.0 – 8.0.26-0ubuntu1~22.04.1
	dotnet-sdk-8.0 – 8.0.126-0ubuntu1~22.04.1
	dotnet8 – 8.0.126-8.0.26-0ubuntu1~22.04.1

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

Packages

Details

Update instructions

Reduce your security exposure

References