Tag: cve 2026 40372
2 articles

Microsoft Fixes ASP.NET Core Bug That Enables Privilege Escalation
Microsoft just patched a critical bug in ASP.NET Core that could let hackers escalate their privileges and take control - and they've already released an out-of-band update to fix it. The flaw, tracked as CVE-2026-40372, carries a near-perfect CVSS score of 9.1, indicating a high severity threat.

Microsoft Disrupts ASP.NET Flaw Allowing SYSTEM Privilege Escalation
Microsoft has patched a critical ASP.NET Core vulnerability, CVE-2026-40372, that allowed unauthenticated attackers to forge authentication cookies and gain SYSTEM privileges on affected devices. This fix addresses a flaw in the ASP.NET Core Data Protection cryptographic APIs that could be exploited for privilege escalation.