CVE-2026-40372

Published Apr 21, 2026

Last updated 4 days ago

CVSS critical 9.1

Overview

Description
Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.
Source
secure@microsoft.com
NVD status
Analyzed
Products
asp.net_core

Risk scores

CVSS 3.1

Type
Primary
Base score
9.1
Impact score
5.2
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity
CRITICAL

Weaknesses

secure@microsoft.com
CWE-347

Social media

Hype score
Not currently trending

  1. Top 5 Trending CVEs: 1 - CVE-2026-25253 2 - CVE-2026-3888 3 - CVE-2026-40372 4 - CVE-2025-59536 5 - CVE-2026-26144 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    23 Apr 2026

    194 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.CVE-2026-26130
  2. Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.CVE-2025-55315
  3. Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.CVE-2025-26682
  4. Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.CVE-2025-24070
  5. .NET Denial of Service VulnerabilityCVE-2024-21404

References

Sources include official advisories and independent security research.