Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug

Published: 2 days ago (April 22, 2026 at 05:29 AM EDT)

1 min read

Source: The Hacker News

Overview

Microsoft has released out‑of‑band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to escalate privileges.

Vulnerability Details

CVE ID: CVE‑2026‑40372
CVSS Score: 9.1 / 10.0 (rated Important)
Discovery: Reported by an anonymous researcher.

The issue stems from improper verification of cryptographic operations within ASP.NET Core, which can be exploited to gain higher privileges than intended.

Mitigation

Microsoft recommends applying the out‑of‑band updates immediately. The patches are available through the standard Windows Update channels and can also be downloaded manually from the Microsoft Update Catalog.

References

Microsoft Security Advisory for CVE‑2026‑40372
National Vulnerability Database entry for CVE‑2026‑40372

Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug

Overview

Vulnerability Details

Mitigation

References

Related posts

Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks

Microsoft to roll out Entra passkeys on Windows in late April

Apple Fixes iOS Flaw That Let FBI Recover Deleted Signal Messages

CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline