SECURITYARS TECHNICA
Microsoft issues emergency update for macOS and Linux ASP.NET threat
Microsoft released an emergency patch for a high-severity vulnerability (CVE-2026-40372) in ASP.NET Core, which could allow unauthenticated attackers to gain SYSTEM privileges on macOS and Linux devices. The flaw stems from a cryptographic signature verification error in the Microsoft.AspNetCore.DataProtection NuGet package, and even after patching, forged credentials may persist if not manually purged.
Mentioned