Skip to main content

Tag: cve 2026 40372

2 articles

Close-up of laptop screen with code, keyboard in focus, against blurred server room background.

Microsoft Fixes ASP.NET Core Bug That Enables Privilege Escalation

Microsoft just patched a critical bug in ASP.NET Core that could let hackers escalate their privileges and take control - and they've already released an out-of-band update to fix it. The flaw, tracked as CVE-2026-40372, carries a near-perfect CVSS score of 9.1, indicating a high severity threat.

Analyst 207
Close-up of laptop screen with code, developer in background looks on with concern.

Microsoft Disrupts ASP.NET Flaw Allowing SYSTEM Privilege Escalation

Microsoft has patched a critical ASP.NET Core vulnerability, CVE-2026-40372, that allowed unauthenticated attackers to forge authentication cookies and gain SYSTEM privileges on affected devices. This fix addresses a flaw in the ASP.NET Core Data Protection cryptographic APIs that could be exploited for privilege escalation.

Analyst 207