CVE-2026-40372
Published: 21 April 2026
Summary
CVE-2026-40372 is a critical-severity Improper Verification of Cryptographic Signature (CWE-347) vulnerability in Microsoft Asp.Net Core. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 6.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires cryptographic integrity verification for software, firmware, and information, directly mitigating the improper signature verification flaw in ASP.NET Core that enables privilege escalation.
Mandates implementation of cryptographic mechanisms to protect information integrity and authenticity, addressing the core cryptographic signature verification failure exploited remotely.
Ensures timely flaw remediation through identification, reporting, and patching, critical for correcting the specific ASP.NET Core signature verification vulnerability per the MSRC advisory.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The CVE describes a remote network privilege escalation vulnerability in ASP.NET Core due to improper cryptographic signature verification, directly enabling exploitation of public-facing applications for initial access/priv esc (T1190) and exploitation for privilege escalation (T1068).
NVD Description
Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.
Deeper analysisAI
CVE-2026-40372 is an improper verification of cryptographic signature vulnerability (CWE-347) affecting ASP.NET Core. Published on 2026-04-21T20:16:59.133, it enables an unauthorized attacker to elevate privileges over a network and carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating critical severity due to high confidentiality and integrity impacts.
The vulnerability can be exploited remotely by any unauthorized attacker (PR:N) with low attack complexity (AC:L) and no user interaction (UI:N) required. Exploitation over the network (AV:N) allows privilege elevation without affecting availability, but with significant compromise to data confidentiality and integrity under an unchanged scope (S:U).
Mitigation details are available in the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40372.
Details
- CWE(s)