Jul 2026: ASP.NET Core Elevation of Privilege Vulnerability
CVE-2026-47300 Published on July 14, 2026
ASP.NET Core Elevation of Privilege Vulnerability
Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network.
Weakness Type
Incorrect Implementation of Authentication Algorithm
The requirements for the software dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect. This incorrect implementation may allow authentication to be bypassed.
Products Associated with CVE-2026-47300
Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.
Affected Versions
Microsoft .NET 10.0:- Version 10.0.0 and below 10.0.6 is affected.
- Version 8.0.0 and below 8.0.29 is affected.
- Version 9.0.0 and below 9.0.18 is affected.
- Version 17.12.0 and below 17.12.22 is affected.
- Version 17.14.0 and below 17.14.36 is affected.
- Version 18.0 and below 18.7.4 is affected.