Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug
Briefly

""Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.""
""A regression in the Microsoft.AspNetCore.DataProtection 10.0.0-10.0.6 NuGet packages cause the managed authenticated encryptor to compute its HMAC validation tag over the wrong bytes of the payload and then discard the computed hash in some cases.""
""If an attacker used forged payloads to authenticate as a privileged user during the vulnerable window, they may have induced the application to issue legitimately-signed tokens (session refresh, API key, password reset link, etc.) to themselves.""
Microsoft has addressed a critical vulnerability in ASP.NET Core, tracked as CVE-2026-40372 (CVSS 9.1), that allows an unauthorized attacker to elevate privileges over a network. Exploitation depends on the application using a vulnerable Microsoft.AspNetCore.DataProtection package (versions 10.0.0 through 10.0.6), whose managed authenticated encryptor computed its HMAC validation tag over the wrong bytes of the payload and, in some cases, never checked it, so a forged payload could be accepted as authentic. The fix ships in ASP.NET Core 10.0.7. Because a forged payload accepted during the vulnerable window may have led the application to issue genuinely signed tokens (session refresh tokens, API keys, password reset links) to the attacker, upgrading the package does not by itself invalidate those tokens; operators should review what was issued during that window and revoke it or rotate the protection keys.
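To make the failure mode concrete, the following is an added, self-contained model of an encrypt-then-MAC "protect/unprotect" pair; it is not the ASP.NET Core Data Protection code and it uses a stdlib HMAC-SHA256 counter-mode keystream as a stand-in for AES, with constructed demo keys. It shows the two things the regression is described as getting wrong: a tag computed over the wrong byte range (here modelled as a tag that misses the ciphertext) and a tag that is computed but never compared. In both buggy modes a caller who knows the plaintext layout can flip a field in the ciphertext and have it accepted; the correct verifier rejects it.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional

# Constructed demo keys; a real deployment derives these from its key ring.
ENC_KEY = hashlib.sha256(b"demo-encryption-key").digest()
MAC_KEY = hashlib.sha256(b"demo-validation-key").digest()
HEADER = b"\x01\x00\x00\x00"   # assumed 4-byte format/version marker
IV_LEN, TAG_LEN = 16, 32


def _keystream(iv: bytes, n: int) -> bytes:
    """Counter-mode keystream using HMAC-SHA256 as the PRF; a stdlib stand-in for AES."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(ENC_KEY, iv + struct.pack(">I", ctr), hashlib.sha256).digest()
    return out[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _mac(body: bytes, cover_all: bool) -> bytes:
    # Correct: the tag covers header || iv || ciphertext, every byte unprotect acts on.
    # Bug model 1: an offset mistake leaves the ciphertext outside the tag.
    covered = body if cover_all else body[: len(HEADER) + IV_LEN]
    return hmac.new(MAC_KEY, covered, hashlib.sha256).digest()


def protect(plaintext: bytes, iv: Optional[bytes] = None, *, cover_all: bool = True) -> bytes:
    """Encrypt-then-MAC: payload = header || iv || ciphertext || tag."""
    iv = iv if iv is not None else os.urandom(IV_LEN)
    body = HEADER + iv + _xor(plaintext, _keystream(iv, len(plaintext)))
    return body + _mac(body, cover_all)


def unprotect(payload: bytes, *, cover_all: bool = True, verify: bool = True) -> Optional[bytes]:
    """Returns the plaintext, or None when the tag does not validate."""
    body, tag = payload[:-TAG_LEN], payload[-TAG_LEN:]
    expected = _mac(body, cover_all)
    # Bug model 2: the tag is computed and then never compared ("discarded").
    if verify and not hmac.compare_digest(expected, tag):
        return None
    iv, ct = body[len(HEADER): len(HEADER) + IV_LEN], body[len(HEADER) + IV_LEN:]
    return _xor(ct, _keystream(iv, len(ct)))


def flip_field(payload: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Stream-cipher malleability: XOR (old ^ new) into the ciphertext at a known offset."""
    start = len(HEADER) + IV_LEN + offset
    ct_slice = payload[start:start + len(old)]
    return payload[:start] + _xor(ct_slice, _xor(old, new)) + payload[start + len(old):]


def demo() -> dict:
    """Constructed plaintext with a role field the forger wants to change."""
    plaintext = b"uid=42;role=user"
    off = plaintext.index(b"user")
    good = protect(plaintext)
    forged = flip_field(good, off, b"user", b"root")
    weak = protect(plaintext, cover_all=False)
    forged_weak = flip_field(weak, off, b"user", b"root")
    return {
        "roundtrip": unprotect(good),                                   # plaintext back
        "fixed_rejects": unprotect(forged),                             # None
        "tag_discarded": unprotect(forged, verify=False),               # forged role accepted
        "tag_wrong_bytes": unprotect(forged_weak, cover_all=False),     # forged role accepted
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The point to carry over to any authenticated-encryption code you maintain: the MAC input must be exactly the bytes the decryptor will act on (format header, IV, ciphertext), the comparison must be constant-time and must gate decryption, and a test like `fixed_rejects` above, which mutates a protected payload and expects rejection, belongs in the regression suite so a future refactor of offsets or validation cannot silently reintroduce either bug.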
Read at The Hacker News