Moole Vulnerability Database

Find real vulnerabilities before they ship

Critical

CVE-2026-40372

Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.

VectorNETWORK

PublishedApr 21, 2026, 20:16

Published Bysecure@microsoft.com

Base Score

Score9.1

Package (Ecosystem)IntroducedFixedLimit

Microsoft.AspNetCore.DataProtection(NuGet)10.0.010.0.7N/A

CWE-347

Base Score

9.1

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Base SeverityCritical

Version

3.1

Attack Vector (AV)

NETWORK