{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40372", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2026-04-11T23:06:15.615Z", "datePublished": "2026-04-21T19:20:50.215Z", "dateUpdated": "2026-05-12T17:39:53.725Z"}, "containers": {"cna": {"title": "ASP.NET Core Elevation of Privilege Vulnerability", "datePublic": "2026-04-21T14:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0", "versionEndExcluding": "10.0.7"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*", "versionStartIncluding": "18.5.0", "versionEndExcluding": "18.5.2"}]}]}], "affected": [{"vendor": "Microsoft", "product": "ASP.NET Core 10.0", "versions": [{"version": "10.0", "lessThan": "10.0.7", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2026 version 18.5", "versions": [{"version": "18.5.0", "lessThan": "18.5.2", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-347: Improper Verification of Cryptographic Signature", "lang": "en-US", "type": "CWE", "cweId": "CWE-347"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-12T17:39:53.725Z"}, "references": [{"name": "ASP.NET Core Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40372"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "CRITICAL", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-21T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-40372"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T03:56:11.609Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-40372", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-21T19:40:46.203140Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-21T19:40:48.644Z"}}], "cna": {"title": "ASP.NET Core Elevation of Privilege Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "ASP.NET Core 10.0", "versions": [{"status": "affected", "version": "10.0", "lessThan": "10.0.7", "versionType": "custom"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2026 version 18.5", "versions": [{"status": "affected", "version": "18.5.0", "lessThan": "18.5.2", "versionType": "custom"}]}], "datePublic": "2026-04-21T14:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40372", "name": "ASP.NET Core Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-347", "description": "CWE-347: Improper Verification of Cryptographic Signature"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0.7", "versionStartIncluding": "10.0"}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "18.5.2", "versionStartIncluding": "18.5.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-11T16:06:54.527Z"}}}, "cveMetadata": {"cveId": "CVE-2026-40372", "state": "PUBLISHED", "dateUpdated": "2026-05-11T16:06:54.527Z", "dateReserved": "2026-04-11T23:06:15.615Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-04-21T19:20:50.215Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", "matchCriteriaId": "001BC473-2D30-41BA-8E83-E80A22F519D3", "versionEndExcluding": "10.0.7", "versionStartIncluding": "10.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network."}], "id": "CVE-2026-40372", "lastModified": "2026-04-27T19:57:39.360", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2026-04-21T20:16:59.133", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40372"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "secure@microsoft.com", "type": "Primary"}]}

{"bugzilla": {"description": "ASP.NET Core: ASP.NET: ASP.NET Core: Privilege escalation via improper cryptographic signature verification", "id": "2460224", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460224"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "status": "draft"}, "cwe": "CWE-347", "details": ["A flaw was found in ASP.NET Core due to improper verification of cryptographic signatures. An unauthorized attacker can exploit this vulnerability remotely over a network, leading to privilege escalation."], "name": "CVE-2026-40372", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "dotnet9.0", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "dotnet9.0", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "dotnet9.0", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:hummingbird:1", "fix_state": "Not affected", "package_name": "dotnet10.0", "product_name": "Red Hat Hardened Images"}, {"cpe": "cpe:/a:redhat:hummingbird:1", "fix_state": "Not affected", "package_name": "dotnet9.0", "product_name": "Red Hat Hardened Images"}], "public_date": "2026-04-21T19:20:50Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-40372\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-40372\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40372"], "statement": "No Red Hat products are affected as this vulnerability is specific to Microsoft.AspNetCore.DataProtection 10.0.6 from NuGet.", "threat_severity": "Critical"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[10.0,10.0.7)"}}], "enrichment": {"confidence": 90.0, "confidence_source": "inferred", "scores": [{"score": 90.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "ASP.NET Core 10.0", "source": "cna", "vendor": "Microsoft"}, "product": "asp.net_core", "vendor": "microsoft"}], "analysis": {"en": {"generated_at": "2026-04-22T06:45:05.068261+00:00", "value": {"mitigation_remediation": ["Apply the Microsoft security update that corrects the signature verification logic in ASP.NET Core.", "Audit all custom authentication components to ensure they use the updated cryptographic APIs and do not accept externally supplied data for signature validation.", "If a patch is not immediately available, limit exposure by restricting network access to trusted IP ranges and applying segmentation to isolate critical services."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Microsoft ASP.NET Core version 10.0 on all platforms that support this runtime. Any deployment of the framework that relies on the default signature validation path is susceptible.", "description_and_impact": "An attacker who can supply a forged cryptographic signature can bypass the normal authentication checks in Microsoft ASP.NET Core, effectively boosting their privileges within the application. The flaw stems from a failure to properly verify the signature, meaning the system accepts untrusted data as a valid authorization token. This allows an unauthorized user to acquire higher level access than intended. Based on the description, it is inferred that an attacker could modify protected resources, change configuration, or move laterally within the environment.", "risk_and_exploitability": "The vulnerability carries a CVSS score of 9.1, indicating high severity. The EPSS score is not available, and the issue is not listed in CISA KEV. Based on the description, the likely attack vector is over the network, where an attacker can inject a forged signature into an authentication flow. Exploitation requires the ability to send a signed request to an endpoint that performs the flawed verification. Once exploited, the attacker gains elevated privileges within the ASP.NET Core application and can act as an authenticated user with full rights."}}}}, "created": "2026-04-22T03:30:06.541189+00:00", "updated": "2026-04-22T06:45:10.882156+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$asp.net_core"]}