Jul 2026: ASP.NET Core Elevation of Privilege Vulnerability
CVE-2026-47303 Published on July 14, 2026
ASP.NET Core Elevation of Privilege Vulnerability
Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network.
Weakness Types
Authentication Bypass by Assumed-Immutable Data
The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.
What is an AuthZ Vulnerability?
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
CVE-2026-47303 has been classified to as an AuthZ vulnerability or weakness.
What is a LDAP Injection Vulnerability?
The software constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.
CVE-2026-47303 has been classified to as a LDAP Injection vulnerability or weakness.
Products Associated with CVE-2026-47303
Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.
Affected Versions
Microsoft .NET 10.0:- Version 10.0.0 and below 10.0.6 is affected.
- Version 8.0.0 and below 8.0.29 is affected.
- Version 9.0.0 and below 9.0.18 is affected.
- Version 17.12.0 and below 17.12.22 is affected.
- Version 17.14.0 and below 17.14.36 is affected.
- Version 18.0 and below 18.7.4 is affected.