CVE-2026-40372

· NIST NVD ↗

Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.

CRITICAL
CVSS severity
9.1
CVSS base score
2026-04-21
Published

CWE codes

CWE-347

Affected products

microsoft:asp.net_core

Sources