ASP.NET Core
Coverage of ASP.NET Core in the Nexus archive.
- Microsoft issues emergency update for macOS and Linux ASP.NET threat
Microsoft released an emergency patch for a high-severity vulnerability (CVE-2026-40372) in ASP.NET Core, which could allow unauthenticated attackers to gain SYSTEM privileges on macOS and Linux devices. The flaw stems from a cryptographic signature verification error in the Microsoft.AspNetCore.DataProtection NuGet package, and even after patching, forged credentials may persist if not manually purged.
- Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug
Microsoft has released out-of-band updates to fix a critical privilege escalation vulnerability in ASP.NET Core, tracked as CVE-2026-40372 with a CVSS score of 9.1. The flaw, rated Important, was discovered by an anonymous researcher and involves improper verification of cryptographic mechanisms.
- Microsoft releases emergency patches for critical ASP.NET flaw
Microsoft has released emergency out-of-band security patches to address a critical privilege escalation vulnerability in ASP.NET Core. The update aims to prevent potential exploitation of the flaw, which could allow attackers to escalate privileges.