CVE-2026-40372

Summary

Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.

Affected Software

VendorProductVersion RangeStatus
MicrosoftASP.NET Core 10.010.0 < 10.0.7affected
MicrosoftMicrosoft Visual Studio 2026 version 18.518.5.0 < 18.5.2affected

Weaknesses

  • CWE-347: CWE-347: Improper Verification of Cryptographic Signature

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

ASP.NET Core: ASP.NET: ASP.NET Core: Privilege escalation via improper cryptographic signature verification

Additional References

References