Tech | Apr 22, 2026 | 4 min

Microsoft Patches ASP.NET Core Privilege Escalation CVE-2026-40372

A regression in cryptographic signature validation introduced a CVSS 9.1 flaw into .NET 10.0. The Data Protection API implemented HMAC verification incompletely, opening the door to padding oracle attacks and forged authentication tokens.

Security, ASP.NET Core, .NET, CVE, Vulnerability, Cryptography