#CVE202640372

Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug Microsoft released out-of-band updates to fix a critical ASP.NET Core vulnerability, CVE-2026-40372, that can allow an attacker to escalate privileges to SYSTEM. The flaw was caused by a regression in Microsoft.AspNetCore.DataProtection 10.0.0–10.0.6 on non-Windows systems and is fixed in ASP.NET Core 10.0.7; tokens issued during the vulnerable window remain valid unless...

Microsoft patches critical ASP.NET Core CVE-2026-40372 privilege escalation bug caused by DataProtection regression in versions 10.0.0–10.0.6 on non-Windows systems. Fixed in 10.0.7; key ring rotation needed to invalidate tokens. #CVE202640372 #ASPNet

Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to escalate privileges. The vulnerability, tracked as CVE-2026-40372, carries a CVSS score of 9.1 out of 10.0. It's rated Important in severity. An anonymous researcher has been credited with discovering and reporting the flaw. "Improper verification of cryptographic

iT4iNT SERVER Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug VDS VPS Cloud #Microsoft #ASPNETCore #CVE202640372 #CyberSecurity #PrivilegeEscalation

blog post hero image

From the .NET blog...

In case you missed it earlier...

.NET 10.0.7 Out-of-Band Security Update
devblogs.microsoft.com/dotnet/dotnet-10-0-7-oob... #dotnet #MaintenanceUpdates #NET10 #CVE202640372 #OOB #Security

blog post hero image

From the .NET blog...

.NET 10.0.7 Out-of-Band Security Update
devblogs.microsoft.com/dotnet/dotnet-10-0-7-oob... #dotnet #MaintenanceUpdates #NET10 #CVE202640372 #OOB #Security