Apr 2026: ASP.NET Core Elevation of Privilege Vulnerability
CVE-2026-40372 Published on April 21, 2026

ASP.NET Core Elevation of Privilege Vulnerability
Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.

Vendor Advisory NVD

Weakness Type

Improper Verification of Cryptographic Signature

The software does not verify, or incorrectly verifies, the cryptographic signature for data.

Products Associated with CVE-2026-40372

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2026-40372 are published in these products:

Microsoft ASP.NET Core

Microsoft Visual Studio 2026

Canonical Ubuntu Linux

Affected Versions

Microsoft ASP.NET Core 10.0:

Version 10.0 and below 10.0.7 is affected.

Microsoft Visual Studio 2026 version 18.5:

Version 18.5.0 and below 18.5.2 is affected.

Apr 2026: ASP.NET Core Elevation of Privilege VulnerabilityCVE-2026-40372 Published on April 21, 2026

Weakness Type

Improper Verification of Cryptographic Signature

Products Associated with CVE-2026-40372

Affected Versions

Apr 2026: ASP.NET Core Elevation of Privilege Vulnerability
CVE-2026-40372 Published on April 21, 2026