Apr 2026: ASP.NET Core Elevation of Privilege Vulnerability
CVE-2026-40372 Published on April 21, 2026

ASP.NET Core Elevation of Privilege Vulnerability
Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.

Vendor Advisory NVD

Weakness Type

Improper Verification of Cryptographic Signature

The software does not verify, or incorrectly verifies, the cryptographic signature for data.

Products Associated with CVE-2026-40372

Want to know whenever a new CVE is published for Microsoft ASP.NET Core? stack.watch will email you.

Microsoft ASP.NET Core

Affected Versions

Microsoft ASP.NET Core 10.0:

Version 10.0 and below 10.0.7 is affected.

Apr 2026: ASP.NET Core Elevation of Privilege VulnerabilityCVE-2026-40372 Published on April 21, 2026

Weakness Type

Improper Verification of Cryptographic Signature

Products Associated with CVE-2026-40372

Affected Versions

Apr 2026: ASP.NET Core Elevation of Privilege Vulnerability
CVE-2026-40372 Published on April 21, 2026