CRITICALCVE-2026-40372Published Modified CNA microsoft
CVE-2026-40372: ASP.NET Core Elevation of Privilege Vulnerability
Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.
Metrics
- CVSS v3.1
- 9.1
- Severity
- CRITICAL
- Fixed in
- 10.0.7
- Affected Products
- 2
Affected packages
- Microsoft / ASP.NET Core 10.0< 10.0.7 (from 10.0)
- Microsoft / Microsoft Visual Studio 2026 version 18.5< 18.5.2 (from 18.5.0)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C