CVE-2026-40372: asp.net core vulnerability

Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-40372CVSS 9.1Windows

CVE-2026-40372: asp.net core vulnerability

Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.

CVSS
9.1 CRITICAL
EPSS
95.42%
Known exploited
not in KEV
Product
asp.net core

What is known

Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.

Sources