Elevation of Privilege Vulnerability in ASP.NET Core by Microsoft
CVE-2026-40372

9.1CRITICAL

Key Information:

Vendor: Microsoft
Status: Asp.net Core 10.0
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-40372?

An improper verification of cryptographic signatures in ASP.NET Core presents a risk where unauthorized attackers can gain elevated privileges over a network. This vulnerability can be exploited to compromise systems, allowing attackers to perform unauthorized actions and potentially access sensitive information. It is essential for users of affected products to apply the necessary security updates to mitigate risks associated with this vulnerability.

Affected Version(s)

ASP.NET Core 10.0 10.0 < 10.0.7

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Apr 11, 2026

CVE-2026-40372 Data

JSON