Skip to content
The Nexus
SECURITYApr 22 · 09:29 UTCTHE HACKER NEWS[email protected] (The Hacker News)

Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug

Microsoft has released out-of-band updates to fix a critical privilege escalation vulnerability in ASP.NET Core, tracked as CVE-2026-40372 with a CVSS score of 9.1. The flaw, rated Important, was discovered by an anonymous researcher and involves improper verification of cryptographic mechanisms.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this