Skip to content
The Nexus
SECURITYApr 22 · 19:32 UTCARS TECHNICADan Goodin

Microsoft issues emergency update for macOS and Linux ASP.NET threat

Microsoft released an emergency patch for a high-severity vulnerability (CVE-2026-40372) in ASP.NET Core, which could allow unauthenticated attackers to gain SYSTEM privileges on macOS and Linux devices. The flaw stems from a cryptographic signature verification error in the Microsoft.AspNetCore.DataProtection NuGet package, and even after patching, forged credentials may persist if not manually purged.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this