Elevation of Privilege Vulnerability in ASP.NET Core by Microsoft
CVE-2026-40372

9.1CRITICAL

Key Information:

Vendor: Microsoft
Status: Asp.net Core 10.0; Microsoft Visual Studio 2026 Version 18.5
Vendor: CVE Published:; 21 April 2026

Badges

📈 Score: 1,050👾 Exploit Exists📰 News Worthy

What is CVE-2026-40372?

CVE-2026-40372 is an elevation of privilege vulnerability in ASP.NET Core, a framework developed by Microsoft for building web applications and services. This vulnerability arises from inadequate verification of cryptographic signatures within the framework, allowing unauthorized attackers to elevate their privileges over a network. Given the critical role ASP.NET Core plays in the development of secure web applications, the exploitation of this flaw could have severe consequences for organizations utilizing this framework. Attackers could gain unauthorized access to sensitive resources and execute malicious activities that compromise the integrity and confidentiality of the system, posing significant security risks.

Potential impact of CVE-2026-40372

Unauthorized Access to Sensitive Data: Exploiting this vulnerability could enable attackers to gain elevated access to sensitive information, potentially leading to data breaches and unauthorized data manipulation.
Compromise of Application Integrity: The ability to elevate privileges may allow attackers to alter application behavior or compromise system functionality, which could disrupt business operations and undermine user trust.
Increased Risk of Malware Deployment: By taking advantage of this vulnerability, attackers could deploy malware, including ransomware, on affected systems, leading to extensive damage, financial losses, and operational downtime.