Microsoft.AspNetCore.Server.Kestrel.Core

NuGet4 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting Microsoft.AspNetCore.Server.Kestrel.Corepage 1 of 1

CVE-2018-0787HIGHCVSS 8.8EG 8.8✓ Fixed in 2.0.2
2018-03-14
vulnerable: 2.0.0, 2.0.1
ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability".
CVE-2019-0564HIGHCVSS 7.5EG 7.5✓ Fixed in 2.1.7
2019-01-08
vulnerable: 2.1.0, 2.1.1, 2.1.2, 2.1.3
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548.
CVE-2021-1723HIGHCVSS 7.5EG 7.5✓ Fixed in 2.1.25
2021-01-12
vulnerable: 0.0.1-alpha ... 2.1.7 (16 versions)
ASP.NET Core and Visual Studio Denial of Service Vulnerability
CVE-2025-55315CRITICALCVSS 9.9EG 9.9✓ Fixed in 2.3.6
2025-10-14
vulnerable: 0.0.1-alpha ... 2.3.0 (22 versions)
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

Check whether Microsoft.AspNetCore.Server.Kestrel.Core is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for Microsoft.AspNetCore.Server.Kestrel.Core CVEs against the assets you own.

Start Free Scan →