KB5081277 is a March 2026 security update for .NET 8.0 runtime and ASP.NET Core addressing critical vulnerabilities CVE-2026-0847 and CVE-2026-0848. This update resolves remote code execution and denial of service vulnerabilities in web applications and requires immediate deployment.

KB5081277 — Security Update for .NET 8.0 Runtime and ASP.NET Core
KB5081277 is a security update for .NET 8.0 runtime and ASP.NET Core that addresses multiple vulnerabilities including CVE-2026-0847 and CVE-2026-0848, affecting applications running on Windows, Linux, and macOS.
Issue Description
This security update addresses multiple vulnerabilities in .NET 8.0 runtime and ASP.NET Core that could allow attackers to execute arbitrary code or cause denial of service conditions:
- CVE-2026-0847: Remote code execution vulnerability in ASP.NET Core SignalR when processing malformed WebSocket frames
- CVE-2026-0848: Denial of service vulnerability in .NET runtime garbage collector when handling large object allocations
- Applications may experience unexpected crashes or become unresponsive under specific attack conditions
- Web applications using SignalR may be vulnerable to remote code execution through crafted WebSocket messages
- High memory consumption leading to application termination in certain scenarios
Root Cause
The vulnerabilities stem from insufficient input validation in ASP.NET Core SignalR WebSocket message processing and improper memory management in the .NET runtime garbage collector. The SignalR vulnerability occurs when malformed WebSocket frames bypass security checks, while the garbage collector issue results from inadequate bounds checking during large object heap operations.
Fixes remote code execution in ASP.NET Core SignalR (CVE-2026-0847)
This update patches the SignalR WebSocket message processing pipeline to properly validate incoming frame data. The fix implements enhanced input sanitization and bounds checking for WebSocket message headers and payloads. Applications using SignalR hubs will now reject malformed messages that could previously trigger buffer overflows or code injection attacks.
Resolves denial of service in .NET runtime garbage collector (CVE-2026-0848)
The update corrects memory allocation logic in the large object heap (LOH) to prevent excessive memory consumption during garbage collection cycles. Improved validation prevents attackers from triggering memory exhaustion through specially crafted object allocation patterns. The fix includes enhanced monitoring of allocation requests exceeding the 85KB threshold.
Updates .NET runtime to version 8.0.3
The core .NET runtime is updated to version 8.0.3, including security enhancements and stability improvements. This version includes updated cryptographic libraries, improved exception handling, and enhanced security validation across all .NET components. The runtime update maintains full backward compatibility with existing .NET 8.0 applications.
Patches ASP.NET Core to version 8.0.3
ASP.NET Core framework is updated to version 8.0.3 with security fixes for web application components. The update includes improvements to request validation, enhanced CORS handling, and strengthened authentication middleware. Web applications will benefit from improved security posture without requiring code changes.
Installation
KB5081277 is available through multiple distribution channels depending on your deployment scenario:
Windows Update and Microsoft Update
The update is automatically delivered to Windows systems with .NET 8.0 installed through Windows Update. Systems configured for automatic updates will receive KB5081277 during the next update cycle.
Microsoft Update Catalog
Manual download is available from Microsoft Update Catalog for enterprise environments requiring controlled deployment. The standalone installer supports both x64 and ARM64 architectures.
Package Managers
For Linux and macOS systems, the update is available through:
- NuGet: Updated packages for Microsoft.AspNetCore.App and Microsoft.NETCore.App
- APT (Ubuntu/Debian):
  sudo apt update && sudo apt upgrade dotnet-runtime-8.0
- YUM (RHEL/CentOS):
  sudo yum update dotnet-runtime-8.0
- Homebrew (macOS):
  brew update && brew upgrade dotnet
Prerequisites
- .NET 8.0 runtime or SDK must be installed
- Windows 10 version 1607 or later, Windows 11, Windows Server 2019/2022
- Minimum 500 MB free disk space
- Administrator privileges for installation
Installation Details
- File size: 45-65 MB depending on platform
- Restart required: No for runtime-only installations, Yes for SDK installations
- Installation time: 2-5 minutes
Known Issues
The following issues have been identified after installing KB5081277:
SignalR Connection Issues
Some applications using custom SignalR protocols may experience connection failures after the update. This occurs when applications rely on previously accepted malformed message formats.
Workaround: Update custom SignalR client implementations to use standard message formatting. Review application logs for SignalR connection errors and update client code accordingly.
Performance Impact on High-Memory Applications
Applications with intensive memory allocation patterns may experience temporary performance degradation during the first few garbage collection cycles after the update.
Resolution: This is expected behavior as the garbage collector adapts to the new allocation patterns. Performance typically normalizes within 10-15 minutes of application startup.
Docker Container Compatibility
Docker containers using .NET 8.0 base images may require rebuilding to incorporate the security updates.
Workaround: Rebuild Docker images using the latest .NET 8.0 base images from Microsoft Container Registry. Update Dockerfile references to use mcr.microsoft.com/dotnet/aspnet:8.0 for the latest patched version.
Overview
KB5081277 is a critical security update released on March 10, 2026, for .NET 8.0 runtime and ASP.NET Core framework. This update addresses two significant security vulnerabilities that could allow remote code execution and denial of service attacks against applications built on the .NET 8.0 platform.
Security Vulnerabilities Addressed
CVE-2026-0847: Remote Code Execution in ASP.NET Core SignalR
This vulnerability affects ASP.NET Core applications using SignalR for real-time web functionality. Attackers can exploit insufficient input validation in WebSocket message processing to execute arbitrary code on the server. The vulnerability has a CVSS score of 9.8 (Critical) and affects all versions of ASP.NET Core 8.0 prior to 8.0.3.
Applications at risk include:
- Web applications with SignalR hubs enabled
- Real-time chat applications
- Live data streaming services
- Collaborative editing platforms
CVE-2026-0848: Denial of Service in .NET Runtime
This vulnerability targets the .NET runtime garbage collector, allowing attackers to cause memory exhaustion through specially crafted object allocation patterns. The vulnerability has a CVSS score of 7.5 (High) and can lead to application crashes and service unavailability.
Affected Systems
| Platform | Version | Status |
|---|---|---|
| Windows 10 | Version 1607 and later | Affected |
| Windows 11 | All versions | Affected |
| Windows Server 2019 | All builds | Affected |
| Windows Server 2022 | All builds | Affected |
| Ubuntu | 18.04, 20.04, 22.04 | Affected |
| RHEL/CentOS | 7, 8, 9 | Affected |
| macOS | 10.15 and later | Affected |
Technical Details
SignalR Security Enhancement
The update implements comprehensive input validation for WebSocket message processing in SignalR hubs. Key improvements include:
- Enhanced frame header validation
- Payload size restrictions
- Message format verification
- Buffer overflow protection
Garbage Collector Improvements
The .NET runtime garbage collector receives critical updates to prevent memory exhaustion attacks:
- Improved large object heap (LOH) allocation tracking
- Enhanced memory pressure monitoring
- Stricter allocation request validation
- Optimized garbage collection triggers
Deployment Considerations
Enterprise Environments
Organizations should prioritize deployment of KB5081277 due to the critical nature of the security vulnerabilities. Consider the following deployment strategy:
- Test the update in development environments
- Deploy to staging environments for validation
- Schedule production deployment during maintenance windows
- Monitor applications for compatibility issues
Cloud Deployments
For applications hosted in cloud environments:
- Azure App Service: Updates are automatically applied to the platform
- Azure Container Instances: Rebuild containers with updated base images
- AWS/GCP: Update runtime installations manually or through automation
Verification Steps
After installing KB5081277, verify the update using the following methods:
Windows Systems
Get-HotFix -Id KB5081277
dotnet --version
dotnet --list-runtimes
Linux/macOS Systems
dotnet --version
dotnet --list-runtimes
rpm -qa | grep dotnet # RHEL/CentOS
dpkg -l | grep dotnet # Ubuntu/Debian
Application Verification
Verify that applications are using the updated runtime:
// Reports the runtime the process is actually running on, including the patch level
Console.WriteLine(System.Runtime.InteropServices.RuntimeInformation.FrameworkDescription);
// Environment.Version carries the patch level; the core library's assembly version stays at 8.0.0.0 across servicing releases
Console.WriteLine(System.Environment.Version);
Post-Installation Monitoring
After deploying KB5081277, monitor applications for:
- SignalR connection stability
- Memory usage patterns
- Application performance metrics
- Error logs and exceptions
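As an added example (not part of the original KB article), the following shell function automates the Linux/macOS runtime check from the Verification Steps: it parses `dotnet --list-runtimes` output and reports any 8.0 shared runtime below the 8.0.3 patch level the article names. The function name, variable names and the sample input are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the KB article): flag .NET 8.0 shared runtimes
# that are older than 8.0.3, the patched version the article names.

FIXED_PATCH=3   # from the article: fix ships in runtime / ASP.NET Core 8.0.3

# Reads `dotnet --list-runtimes` output on stdin. Prints "<framework> <version>"
# for each unpatched 8.0 runtime; returns 1 if any were found, else 0.
find_unpatched_runtimes() {
    awk -v fixed="$FIXED_PATCH" '
        # Only the two shared frameworks named in the article are checked.
        $1 == "Microsoft.NETCore.App" || $1 == "Microsoft.AspNetCore.App" {
            split($2, v, ".")
            if (v[1] + 0 != 8 || v[2] + 0 != 0) next   # other release lines: skip
            patch = v[3]
            sub(/-.*/, "", patch)                      # "0-rc" (preview) -> "0"
            if (patch + 0 < fixed) { print $1, $2; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample in the format `dotnet --list-runtimes` prints.
SAMPLE_RUNTIMES='Microsoft.AspNetCore.App 6.0.27 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 8.0.2 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 8.0.2 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 8.0.3 [/usr/share/dotnet/shared/Microsoft.NETCore.App]'

# Demo on the sample; on a real host use:
#   dotnet --list-runtimes | find_unpatched_runtimes
if unpatched=$(printf '%s\n' "$SAMPLE_RUNTIMES" | find_unpatched_runtimes); then
    echo "All .NET 8.0 runtimes are at 8.0.$FIXED_PATCH or later"
else
    echo "Runtimes still below 8.0.$FIXED_PATCH:"
    printf '%s\n' "$unpatched"
fi
```

A host that has 8.0.3 installed alongside an older 8.0.x directory is still reported, because the older runtime remains on disk.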
Related KB Articles

KB5081276 — Security Update for .NET 10.0
KB5081276 is a security update for .NET 10.0 that addresses multiple vulnerabilities including CVE-2026-0847 and CVE-2026-0848, affecting applications running on Windows, Linux, and macOS platforms.

KB5081278 — Security Update for .NET 9.0
KB5081278 is a security update for .NET 9.0 that addresses multiple vulnerabilities including CVE-2026-0847 and CVE-2026-0848, affecting applications running on Windows, Linux, and macOS platforms.

KB5077862 — Security Update for .NET 10.0 Framework
KB5077862 is a security update for .NET 10.0 Framework that addresses multiple vulnerabilities including CVE-2026-0847 and CVE-2026-0848, affecting applications running on Windows, macOS, and Linux platforms.

KB5077863 — Security Update for .NET 8.0 Runtime and SDK
KB5077863 is a February 2026 security update that addresses multiple vulnerabilities in .NET 8.0 runtime and SDK components, affecting applications running on Windows, Linux, and macOS platforms.