
[CIVN-2026-0217] Privilege Escalation Vulnerability in Microsoft ASP.NET Core
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: CRITICAL
Software Affected
ASP.NET Core versions prior to 10.0.7
Overview
A vulnerability has been reported in ASP.NET Core, which could allow a remote attacker to gain elevated privileges on the targeted system.
Target Audience:
All end-user organizations and individuals using applications built on ASP.NET Core.
Risk Assessment:
High risk of privilege escalation.
Impact Assessment:
Potential for sensitive data exposure, forging of authentication cookies or tokens.
Description
ASP.NET Core is a modern, high-performance, open-source framework developed by Microsoft for building cloud-based, internet-connected applications.
This vulnerability exists in Microsoft ASP.NET Core due to improper verification of cryptographic signatures in the data protection mechanism. A remote attacker could exploit this vulnerability by tampering with or forging ASP.NET Core Data Protection tokens.
Successful exploitation of this vulnerability could allow the attacker to gain elevated privileges on the targeted system.
Solution
Apply the appropriate fixes/patches as mentioned in:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40372
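To find hosts that still need the fix, the following added example (not part of the CERT-In advisory or of Microsoft's guidance) parses the output of `dotnet --list-runtimes` and reports ASP.NET Core shared runtimes older than 10.0.7. It assumes the advisory's "prior to 10.0.7" can be read as a plain version comparison and that the installed `Microsoft.AspNetCore.App` runtime is the component to check; the MSRC entry remains the authority on which release lines are affected. The sample listing and its paths are constructed.

```python
import re
import sys

# Fixed version, from the advisory's "Software Affected" line.
FIXED = (10, 0, 7)
# One line of `dotnet --list-runtimes`: "<name> <version> [<install dir>]"
LINE = re.compile(r"^(\S+)\s+(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?\s+\[(.+)\]\s*$")

# Constructed sample output; versions and paths are illustrative only.
SAMPLE = """\
Microsoft.AspNetCore.App 10.0.5 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 10.0.0-rc.1.25451.107 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 10.0.7 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 10.0.6 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
"""


def parse_runtimes(text):
    """Yield (name, (major, minor, patch), prerelease, path) per runtime line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            name, major, minor, patch, pre, path = m.groups()
            yield name, (int(major), int(minor), int(patch)), pre or "", path


def is_affected(version, prerelease=""):
    """True if the version sorts before FIXED (a prerelease of FIXED counts as before)."""
    return version < FIXED or (version == FIXED and bool(prerelease))


def affected_aspnetcore(text):
    """Return version strings of ASP.NET Core shared runtimes older than FIXED."""
    return [
        "%d.%d.%d%s" % (*ver, pre)
        for name, ver, pre, _path in parse_runtimes(text)
        if name == "Microsoft.AspNetCore.App" and is_affected(ver, pre)
    ]


if __name__ == "__main__":
    # Pipe real output in: dotnet --list-runtimes | python check_aspnetcore.py
    listing = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    hits = affected_aspnetcore(listing)
    for v in hits:
        print("needs update: Microsoft.AspNetCore.App", v)
    sys.exit(1 if hits else 0)
```

The script exits non-zero when any runtime older than 10.0.7 is found, so it can gate an inventory or CI job. Applications deployed self-contained carry their own copy of the runtime and do not appear in this listing.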
Vendor Information
Microsoft
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40372
References
Microsoft
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40372
CVE Name
CVE-2026-40372
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


