CVE Catalog

CVE-2026-40372

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Very high risk
11.21%

95th percentile — higher than 95% of all known CVEs

Summary

Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.

Risk Assessment

An attacker could gain unauthorized access to application resources, potentially taking control of the system or data.

Recommendation

Immediately update ASP.NET Core to the latest patched version and verify authentication and cryptographic signature configurations.

Original NVD description (English source)

Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS