Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug

Apr 22, 2026

Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to escalate privileges.
The vulnerability, tracked as CVE-2026-40372, carries a CVSS score of 9.1 out of 10.0. It’s rated Important in severity. An anonymous researcher has been credited with discovering and reporting the flaw.
“Improper verification of cryptographic

Get Free Report & Network Analysis

Please check your email for the free report.