Jul 2026: ASP.NET Core Elevation of Privilege Vulnerability
CVE-2026-47303 Published on July 14, 2026

ASP.NET Core Elevation of Privilege Vulnerability
Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network.

Vendor Advisory NVD

Weakness Types

Authentication Bypass by Assumed-Immutable Data

The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.

What is an AuthZ Vulnerability?

The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

CVE-2026-47303 has been classified to as an AuthZ vulnerability or weakness.

What is a LDAP Injection Vulnerability?

The software constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.

CVE-2026-47303 has been classified to as a LDAP Injection vulnerability or weakness.


Products Associated with CVE-2026-47303

Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.

 
 
 

Affected Versions

Microsoft .NET 10.0: Microsoft .NET 8.0: Microsoft .NET 9.0: Microsoft Visual Studio 2022 version 17.12: Microsoft Visual Studio 2022 version 17.14: Microsoft Visual Studio 2026 version 18.7: