.NET 10.0.10
.NET 10.0.10 is now available as a servicing update for the .NET 10 release. This update focuses primarily on security hardening, addressing 17 CVEs discovered since the 10.0.9 release.
Security Fixes
This release patches multiple security vulnerabilities across the .NET runtime, ASP.NET Core, and related components. Notable CVEs include:
- CVE-2026-50646 / CVE-2026-50649 / CVE-2026-56158 — Remote Code Execution vulnerabilities affecting the runtime and ASP.NET Core
- CVE-2026-50651 / CVE-2026-50524 / CVE-2026-47302 / CVE-2026-50648 / CVE-2026-50527 / CVE-2026-50525 / CVE-2026-57108 — Denial of Service vulnerabilities across various components
- CVE-2026-50650 / CVE-2026-47300 / CVE-2026-47303 — Elevation of Privilege vulnerabilities
- CVE-2026-50526 — Tampering vulnerability
- CVE-2026-50528 / CVE-2026-47304 — Security Feature Bypass vulnerabilities
- CVE-2026-50659 — Spoofing vulnerability
Included SDK Versions
The 10.0.10 release ships with two SDK options: SDK 10.0.302 (the latest feature band) and SDK 10.0.110 (the LTS-compatible band). Both include the updated 10.0.10 runtime.
How to Update
Existing .NET 10 users can update through their package manager, Visual Studio, or by downloading the updated SDK directly from the .NET download page. The updated Docker images are also available on Microsoft Container Registry.
For Visual Studio users on Windows, Microsoft recommends installing the latest Visual Studio 18.8 update alongside this servicing release. VS Code users can continue using the C# Dev Kit extension with .NET 10.
This is a recommended update for all production environments due to the security-critical nature of the fixes included.