CVE-2026-40372
CRITICALASP.NET Core Elevation of Privilege Vulnerability
Title source: cnaDescription
Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.
Scores
CVSS v3
9.1
EPSS
0.0002
EPSS Percentile
6.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-347
Status
published
Products (4)
Microsoft/ASP.NET Core 10.0
10.0 - 10.0.7
microsoft/asp.net_core
10.0.0 - 10.0.7
Microsoft/Microsoft Visual Studio 2026 version 18.5
18.5.0 - 18.5.2
nuget/Microsoft.AspNetCore.DataProtection
10.0.0 - 10.0.7NuGet
Published
Apr 21, 2026
Tracked Since
Apr 22, 2026