Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug
Summary
Microsoft has issued out-of-band patches for a critical vulnerability in ASP.NET Core, designated CVE-2026-40372. The flaw allows privilege escalation and poses a significant risk to affected systems. The vulnerability has a CVSS score of 9.1 and is rated 'Important'.
IFF Assessment
This is bad news for defenders: a critical vulnerability allowing privilege escalation has been discovered and patched, which indicates a significant risk of exploitation by attackers.
Severity
The CVSS score of 9.1 indicates a critical-severity vulnerability that allows privilege escalation, likely due to factors such as an easily exploitable attack vector and significant impact on confidentiality, integrity, and availability.
Defender Context
Defenders should apply the out-of-band patches for ASP.NET Core immediately to mitigate the risk of privilege escalation. Staying current with Microsoft's security advisories and applying patches promptly is crucial to preventing exploitation of critical vulnerabilities like this one.