Microsoft Releases Emergency Patches for Critical ASP.NET Core Vulnerability
Microsoft has issued out-of-band security updates to address CVE-2026-40372, a critical privilege escalation vulnerability found in ASP.NET Core. The flaw, located within the Data Protection cryptographic APIs, could potentially allow unauthenticated attackers to gain SYSTEM privileges by forging authentication cookies. Users are strongly advised to update the Microsoft.AspNetCore.DataProtection package to version 10.0.7 immediately to mitigate this risk.
Want more?
Open NewsSnap.ai for the full app experience, including audio, personalization, and more news tools.