{"id":673,"date":"2026-04-22T10:51:56","date_gmt":"2026-04-22T10:51:56","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=673"},"modified":"2026-04-22T10:51:56","modified_gmt":"2026-04-22T10:51:56","slug":"microsoft-patches-critical-asp-net-core-cve-2026-40372-privilege-escalation-bug","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=673","title":{"rendered":"Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug"},"content":{"rendered":"
\n

\ue804<\/i>Ravie Lakshmanan<\/span>\ue802<\/i>Apr 22, 2026<\/span><\/span>Vulnerability \/ Cryptography<\/span><\/p>\n<\/div>\n

\n
<\/a><\/div>\n

Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to escalate privileges.<\/p>\n

The vulnerability, tracked as CVE-2026-40372<\/strong>, carries a CVSS score of 9.1 out of 10.0. It’s rated Important in severity. An anonymous researcher has been credited with discovering and reporting the flaw.<\/p>\n

\u00abImproper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network,\u00bb Microsoft said<\/a> in a Tuesday advisory. \u00abAn attacker who successfully exploited this vulnerability could gain SYSTEM privileges.\u00bb<\/p>\n

The tech giant said an attacker could abuse the vulnerability to disclose files and modify data, but emphasized that successful exploitation hinges on three prerequisites –<\/p>\n