Microsoft Releases Urgent Patch for Critical ASP.NET Core Privilege Escalation Vulnerability

Microsoft has released an out-of-band security update to address a critical privilege escalation vulnerability in ASP.NET Core. The flaw, identified as CVE-2026-40372, has been assigned a CVSS score of 9.1 and was discovered by an anonymous researcher.
What happened
Microsoft issued urgent security patches for a vulnerability in ASP.NET Core that could enable attackers to escalate privileges. The flaw, tracked under CVE-2026-40372, affects cryptographic verification processes within the framework. An anonymous security researcher reported the issue to Microsoft, prompting the release of the update outside the standard update cycle to mitigate risks swiftly.
Why it matters
Privilege escalation vulnerabilities are significant because they can allow attackers to gain higher levels of access than intended, potentially leading to broader system compromises. ASP.NET Core is widely used in web application development, making this vulnerability relevant for many organizations relying on Microsoft's web framework for their services.
What security teams should do
Security teams running ASP.NET Core are advised to apply the out-of-band update immediately to address CVE-2026-40372. Reviewing systems for unusual privilege escalation attempts or related anomalies may help identify potential exploitation. Keeping abreast of vendor advisories and applying updates promptly is critical to reducing exposure to vulnerabilities of this severity.
Key technical details
The vulnerability involves improper verification of cryptographic processes in ASP.NET Core. This flaw enables an attacker to circumvent privilege restrictions, potentially allowing unauthorized elevation within affected systems. The issue carries a CVSS score of 9.1, which reflects critical impact, although Microsoft classifies it at Important severity. The specific cryptographic verification mechanism and the affected versions are addressed by the out-of-band update.
Affected organizations/products
The vulnerability affects the ASP.NET Core framework. Due to the framework's broad usage in web applications, multiple organizations leveraging ASP.NET Core could be affected until patched. Microsoft has not indicated exploitation status or specific targeted campaigns at this time.
Source attribution
https://thehackernews.com/2026/04/microsoft-patches-critical-aspnet-core.html