Cyber Resilience

CVE-2026-40372

CriticalUpdated

Published: 21 April 2026

Published
21 April 2026
Modified
27 June 2026
KEV Added
Patch
CVSS Score v3.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.1035 95.1th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-40372 is a critical-severity Improper Verification of Cryptographic Signature (CWE-347) vulnerability in Microsoft Asp.Net Core. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 4.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-40372 is an improper verification of cryptographic signature vulnerability (CWE-347) affecting ASP.NET Core. Published on 2026-04-21T20:16:59.133, it enables an unauthorized attacker to elevate privileges over a network and carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating critical severity due to high confidentiality and integrity impacts.

The vulnerability can be exploited remotely by any unauthorized attacker (PR:N) with low attack complexity (AC:L) and no user interaction (UI:N) required. Exploitation over the network (AV:N) allows privilege elevation without affecting availability, but with significant compromise to data confidentiality and integrity under an unchanged scope (S:U).

Mitigation details are available in the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40372.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The CVE describes a remote network privilege escalation vulnerability in ASP.NET Core due to improper cryptographic signature verification, directly enabling exploitation of public-facing applications for initial access/priv esc (T1190) and exploitation for privilege escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-26130Same product: Microsoft Asp.Net Core
CVE-2025-24043Same vendor: Microsoft
CVE-2025-55315Same product: Microsoft Asp.Net Core
CVE-2026-20965Same vendor: Microsoft
CVE-2025-26683Same vendor: Microsoft
CVE-2025-21177Same vendor: Microsoft
CVE-2025-59245Same vendor: Microsoft
CVE-2026-26125Same vendor: Microsoft
CVE-2025-59503Same vendor: Microsoft
CVE-2025-59246Same vendor: Microsoft

Affected Assets

microsoft
asp.net core
10.0.0 — 10.0.7

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires cryptographic integrity verification for software, firmware, and information, directly mitigating the improper signature verification flaw in ASP.NET Core that enables privilege escalation.

prevent

Mandates implementation of cryptographic mechanisms to protect information integrity and authenticity, addressing the core cryptographic signature verification failure exploited remotely.

preventrecover

Ensures timely flaw remediation through identification, reporting, and patching, critical for correcting the specific ASP.NET Core signature verification vulnerability per the MSRC advisory.

References