FERRAMENTAS LINUX: .NET Security: Stop SMTP Injection & Stack Overflows (Works Today & Next Year)

Sunday, April 19, 2026

.NET Security: Stop SMTP Injection & Stack Overflows (Works Today & Next Year)

 


Your .NET 8.0 apps might be wide open to SMTP injection and stack overflow attacks. No matter when you read this, here are the exact commands to check, patch, or block CVE-2026-32178 and friends on Ubuntu, Rocky, and SUSE – plus a script to automate the fix.

First, a quick history lesson: In April 2026, Red Hat and Rocky Linux pushed a critical update for .NET 8.0 (RLSA-2026:8469). That’s old news now. But the four vulnerabilities it fixed? They still haunt unpatched servers everywhere.

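  • CVE-2026-32178 – SMTP injection when the app trusts user input in email headers.

  • CVE-2026-32203 – Stack overflow.

  • CVE-2026-33116 – Infinite recursion in XmlDecryptionTransform. One small XML file = 100% CPU until restart.

  • CVE-2026-26171 – Security bypass leading to DoS.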

You don’t care about the date. You care if your servers are still vulnerable. Let’s fix that for good.


How to check if you are vulnerable (commands for real distros)

Run these directly on your servers. No guesswork.


Ubuntu (22.04 / 24.04)

bash
# Check installed .NET version
dotnet --info | grep Version

# Vulnerable if SDK < 8.0.126 or Runtime < 8.0.26
# Or just check the package
dpkg -l | grep dotnet


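Rocky Linux / RHEL 9

bash
# dotnet8.0 is the source package name; query the binary packages built from it
rpm -q dotnet-sdk-8.0 dotnet-runtime-8.0
# Vulnerable version: dotnet8.0-8.0.125-1.el9_6 or lower (dotnet-sdk-8.0 carries this version)
# Safe version: 8.0.126-1.el9_7 or higher
# dotnet-runtime-8.0 follows the runtime numbering (fixed runtime: 8.0.26)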



SUSE

bash
zypper info dotnet8.0 | grep Version
# If Version < 8.0.126 – patch now.
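
A scripted form of the version checks above, added here as an example (not part of the original post): it compares `dotnet --list-sdks` / `dotnet --list-runtimes` output against the fixed versions the post gives. The function names and the sample output are constructed, and the thresholds assume the distro-packaged 8.0.1xx SDK band.

```bash
#!/bin/bash
# Added example (not from the original post): flag .NET 8.0 components older
# than the fixed versions the post names. Assumes distro packages, which ship
# the 8.0.1xx SDK band; other SDK feature bands need their own threshold.
FIXED_SDK="8.0.126"      # post: vulnerable if SDK < 8.0.126
FIXED_RUNTIME="8.0.26"   # post: vulnerable if Runtime < 8.0.26

# version_lt A B: succeeds when dotted version A is numerically lower than B.
# Compared field by field, because as plain strings "8.0.9" sorts after "8.0.26".
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not "lower"
    }' </dev/null
}

# check_dotnet8: reads `dotnet --list-sdks` and `dotnet --list-runtimes` lines
# on stdin, prints each outdated 8.0 component, returns 1 if any was found.
check_dotnet8() {
    found=0
    while read -r first second rest; do
        case "$first" in
            8.0.*)        # SDK line: "8.0.125 [/path]"
                if version_lt "$first" "$FIXED_SDK"; then
                    echo "VULNERABLE sdk $first"; found=1
                fi ;;
            Microsoft.*)  # runtime line: "Microsoft.NETCore.App 8.0.25 [/path]"
                case "$second" in 8.0.*)
                    if version_lt "$second" "$FIXED_RUNTIME"; then
                        echo "VULNERABLE runtime $first $second"; found=1
                    fi ;;
                esac ;;
        esac
    done
    return "$found"
}

# Constructed sample output (not captured from a real host).
SAMPLE_OUTPUT='8.0.125 [/usr/lib/dotnet/sdk]
Microsoft.AspNetCore.App 8.0.26 [/usr/lib/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 8.0.9 [/usr/lib/dotnet/shared/Microsoft.NETCore.App]'

printf '%s\n' "$SAMPLE_OUTPUT" | check_dotnet8 || echo "patch needed"
# On a server: { dotnet --list-sdks; dotnet --list-runtimes; } | check_dotnet8
```

A non-zero exit status from check_dotnet8 makes it usable as a gate in cron jobs or configuration management.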



Automation script to apply the fix (bash, works on all major distros)



Save this as patch-dotnet.sh and run as root. It detects your distro and updates .NET 8.0 automatically.

bash
#!/bin/bash
# Evergreen .NET 8.0 Security Patcher – covers Ubuntu, Rocky, SUSE
set -e

if [[ $EUID -ne 0 ]]; then
   echo "Run as root: sudo ./patch-dotnet.sh"
   exit 1
fi

# Binary package names used on Ubuntu and on RHEL/Rocky/Alma
PKGS="dotnet-sdk-8.0 dotnet-runtime-8.0 aspnetcore-runtime-8.0"

if command -v apt-get &> /dev/null; then
    echo "Detected Ubuntu/Debian. Patching .NET 8.0..."
    apt-get update
    # --only-upgrade: update what is installed, do not pull in new packages
    apt-get install -y --only-upgrade $PKGS
elif command -v dnf &> /dev/null; then
    echo "Detected RHEL/Rocky/Alma. Patching..."
    # dotnet8.0 is the source package; upgrade the binary packages built from it
    dnf upgrade -y $PKGS
elif command -v zypper &> /dev/null; then
    echo "Detected SUSE. Patching..."
    zypper refresh
    zypper update -y dotnet8.0
else
    echo "Distro not supported by auto-script. Manual update required."
    exit 1
fi

echo "Update complete. Restart your .NET apps now."


After running: systemctl restart your-dotnet-app (or supervisorctl restart all).


Alternative mitigation if you can’t update now (no excuses)


You can’t run the script? Boss won’t let you reboot? Fine. Block the attack vectors instead.

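iptables rate-limit (stops stack overflow flood attacks)

Rate limiting slows repeated crash attempts. A single malicious request still reaches the app, so treat this as a stopgap until you patch.

bash
# Limit incoming connections to port 5000 (your .NET app)
# Drop new connections from any source IP that already holds more than 50
iptables -A INPUT -p tcp --syn --dport 5000 -m connlimit --connlimit-above 50 -j DROP
# Accept up to 25 new connections per second and drop the excess
iptables -A INPUT -p tcp --syn --dport 5000 -m limit --limit 25/second -j ACCEPT
iptables -A INPUT -p tcp --syn --dport 5000 -j DROP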


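AppArmor profile to restrict SMTP injection

This confines what the dotnet process can write on disk. It does not filter the email headers your app sends, so input validation in the app is still required.

bash
# Create /etc/apparmor.d/usr.bin.dotnet
# (if /usr/bin/dotnet is a symlink, use the path from `readlink -f /usr/bin/dotnet`)
cat > /etc/apparmor.d/usr.bin.dotnet <<'EOF'
#include <tunables/global>
/usr/bin/dotnet {
  #include <abstractions/base>
  # Allow file access in general so the runtime can still start
  file,
  # Allow only necessary network
  network inet stream,
  network inet6 stream,
  # Block write access to /etc/mail/ (SMTP configs)
  deny /etc/mail/** w,
}
EOF
apparmor_parser -r /etc/apparmor.d/usr.bin.dotnet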


Proxy-level blocking (nginx)

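nginx
# In the http {} block: define the zone that limit_req refers to
# (10m of shared memory and 25r/s are example values, tune them)
limit_req_zone $binary_remote_addr zone=dotnet:10m rate=25r/s;

# In your nginx reverse proxy config
location / {
    # Cap request body size to keep out oversized XML payloads (CVE-2026-33116);
    # a small crafted file still fits under this limit
    client_max_body_size 10k;
    # Limit request rate
    limit_req zone=dotnet burst=20;
}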


Suggested reading:



Why this book matters for the vulnerabilities above?


You can run the patch-dotnet.sh script and apply the iptables, AppArmor, and nginx mitigations above, but patching is reactive. The four CVEs (CVE-2026-32178, CVE-2026-32203, CVE-2026-33116, CVE-2026-26171) all stem from the same root causes: poor memory management, unsafe XML parsing, and lack of input validation.

This book solves the root cause so you stop chasing patches:

1. It teaches memory management (CVE-2026-32203): The stack overflow vulnerability exists because of how .NET handles memory buffers. Chapter 3, "The One with the Memory Games," shows you how to write code that doesn't collapse under malicious input.

2. It covers secure network communication (CVE-2026-32178): The SMTP injection flaw happens when your app trusts user input in email headers. Chapter 12, "The One with the Security Safeguards," covers exactly how to sanitize network protocols.

3. It focuses on Linux & production hardening: Most .NET books assume Windows. This one has a full chapter titled "The One with the Linux Leaps" and covers secure deployment pipelines so you don't accidentally roll back to a vulnerable container.

Bottom Line: The script fixes today's mess. This book stops you from making next month's mess.
