SB20260422218 - Remote code execution in ASP.NET Core




Published: April 22, 2026

Security Bulletin ID: SB20260422218
Severity: High
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

High 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2026-40372)

The vulnerability allows a remote attacker to elevate privileges.

The vulnerability exists due to improper verification of a cryptographic signature in Microsoft.AspNetCore.DataProtection when processing cryptographically protected payloads. A remote attacker can send specially crafted data to elevate privileges.

Successful exploitation could result in SYSTEM privileges. The issue affects deployments where the NuGet copy of the library is loaded at runtime, including non-Windows deployments using the vulnerable code path and certain configurations using managed algorithms.
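
An added inventory check, not part of the bulletin or of any vendor tooling: it finds deployments that ship their own NuGet copy of Microsoft.AspNetCore.DataProtection, the condition named above. It assumes the standard .NET *.deps.json layout (a "libraries" entry with "type": "package" and a "runtime" asset under "targets"); the function names and the sample with its placeholder version are constructed.

```python
import json
import sys
from pathlib import Path

PACKAGE = "microsoft.aspnetcore.dataprotection"  # package named in the bulletin

def nuget_copies(deps_text):
    """Return sorted (version, ships_dll) pairs for NuGet copies of PACKAGE in one deps.json."""
    deps = json.loads(deps_text)
    # Library keys that carry runtime assets, i.e. a DLL deployed next to the app.
    with_runtime = set()
    for target in deps.get("targets", {}).values():
        for key, entry in target.items():
            if entry.get("runtime"):
                with_runtime.add(key.lower())
    found = []
    for key, meta in deps.get("libraries", {}).items():
        name, _, version = key.partition("/")
        # Exact name match: sibling packages such as ...DataProtection.Abstractions are skipped.
        if name.lower() == PACKAGE and meta.get("type") == "package":
            found.append((version, key.lower() in with_runtime))
    return sorted(found)

def scan(root):
    """Map each *.deps.json under root to its NuGet copies; unreadable files are skipped."""
    report = {}
    for path in Path(root).rglob("*.deps.json"):
        try:
            hits = nuget_copies(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):  # ValueError covers malformed JSON and bad encoding
            continue
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample; "0.0.0-sample" is a placeholder, not an affected version.
SAMPLE = json.dumps({
    "targets": {".NETCoreApp,Version=v0.0": {
        "Microsoft.AspNetCore.DataProtection/0.0.0-sample": {
            "runtime": {"lib/net0.0/Microsoft.AspNetCore.DataProtection.dll": {}}},
    }},
    "libraries": {
        "SampleApp/1.0.0": {"type": "project"},
        "Microsoft.AspNetCore.DataProtection/0.0.0-sample": {"type": "package"},
        "Microsoft.AspNetCore.DataProtection.Abstractions/0.0.0-sample": {"type": "package"},
    },
})

if __name__ == "__main__":
    print(scan(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Compare each reported version with the fixed version given in the vendor's advisory; an app with no hits here does not carry its own NuGet copy of the library.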


Remediation

Install the update from the vendor's website.