CVE-2026-40372
Coverage of CVE-2026-40372 in the Nexus archive.
- Microsoft issues emergency update for macOS and Linux ASP.NET threat
Microsoft released an emergency patch for a high-severity vulnerability (CVE-2026-40372) in ASP.NET Core, which could allow unauthenticated attackers to gain SYSTEM privileges on macOS and Linux devices. The flaw stems from a cryptographic signature verification error in the Microsoft.AspNetCore.DataProtection NuGet package, and even after patching, forged credentials may persist if not manually purged.
- Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug
Microsoft has released out-of-band updates to fix a critical privilege escalation vulnerability in ASP.NET Core, tracked as CVE-2026-40372 with a CVSS score of 9.1. The flaw, rated Important, was discovered by an anonymous researcher and involves improper verification of cryptographic mechanisms.