CVE-2023-36899

Severity: HIGH · Status: EXPLOITED

.NET Framework - Elevation of Privilege via ASP.NET

Title source: llm

Exploitation Summary

CVE-2023-36899 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers, including midisec and d0rb.

AI-analyzed exploit summary

This repository provides a detailed writeup and proof-of-concept for CVE-2023-36899, which exploits the cookieless session feature in ASP.NET Framework to bypass IIS authentication and application pool restrictions.

Description

ASP.NET Elevation of Privilege Vulnerability

Exploits (2)

nomisec · WRITEUP · 32 stars
by midisec · remote-auth
https://github.com/midisec/CVE-2023-36899

This repository provides a detailed writeup and proof-of-concept for CVE-2023-36899, which exploits the cookieless session feature in ASP.NET Framework to bypass IIS authentication and application pool restrictions.

Classification: Writeup 100%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: ASP.NET Framework (IIS)
No auth needed
Prerequisites: Windows Server with IIS · .NET Framework 4.5 · Specific directory structure and authentication settings
Analyzed by devstral-2 on Feb 16, 2026
nomisec · WORKING POC · 4 stars
by d0rb · poc
https://github.com/d0rb/CVE-2023-36899

This PoC exploits CVE-2023-36899 by crafting a malicious URL that bypasses cookie-based authentication in a .NET web application. It uses WinHTTP to send a GET request to a vulnerable path, demonstrating an authentication bypass vulnerability.

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Microsoft .NET web applications (specific version not specified)
No auth needed
Prerequisites: Target domain with vulnerable .NET web application · Network access to the target
Analyzed by devstral-2 on Feb 16, 2026

References (1)


Scores

CVSS v3: 8.8
EPSS: 0.7004
EPSS Percentile: 98.7%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

VulnCheck KEV: 2026-03-31
CWE: CWE-20
Status: published
Products (8)
microsoft/.net_framework 4.8
microsoft/.net_framework 4.6.2
microsoft/.net_framework 4.7
microsoft/.net_framework 4.7.1
microsoft/.net_framework 4.7.2
microsoft/.net_framework 3.5
microsoft/.net_framework 4.8.1
microsoft/.net_framework 2.0 sp2
Published: Aug 08, 2023
Tracked Since: Feb 18, 2026