External risk intelligence

Attackers can gain control of ASP.NET Core systems over the internet.

CVE advisorySeverity: CRITICAL (CVSS 9.1)

CVE-2026-40372

A critical security flaw in Microsoft's ASP.NET Core allows unauthenticated attackers to gain unauthorized control over web applications from anywhere on the internet. This serious vulnerability needs immediate attention.

4Halo Surface Signal

Microsoft Asp Net Core

10.0.0 to before 10.0.7

External exposure likelihood

Halo Surface Signal score for CVE-2026-40372

ASP.NET Core is a framework widely used for building web applications and APIs. Because the vulnerability resides in the authentication middleware, a component standard for securing web traffic, it is commonly present in internet-facing deployments where web services are accessible to external users.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Horizon Alert

Summary of the vulnerability and why it matters

A security issue in ASP.NET Core could let an attacker gain higher privileges by exploiting how the software checks digital signatures. This vulnerability is concerning because it can be exploited remotely, potentially impacting many applications.

  • Attackers can gain elevated privileges.
  • Affects systems accessible from the internet.
  • Allows for unauthorized access control.

Attack Path

How an attacker could exploit the issue

An unauthenticated attacker can exploit this vulnerability over the network to impersonate legitimate users. By bypassing signature verification, an attacker could gain unauthorized access and potentially modify or execute sensitive operations within the application.

  • Network access required.
  • Vulnerable authentication mechanism.
  • No user interaction needed.

Live Threat

Current exploitation, exposure, and threat context

This ASP.NET Core vulnerability allows attackers to gain elevated privileges over a network, a critical capability that attackers actively seek. The improper verification of cryptographic signatures presents a direct path for unauthorized access and control. Given its nature and the widespread use of ASP.NET Core, this vulnerability is a prime candidate for exploitation.

  • Attackers favor credential theft and privilege escalation.
  • The vulnerability affects widely used ASP.NET Core.
  • No public exploit code is currently observed.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize patching ASP.NET Core services that are directly exposed to the network and handle authentication. Given the potential for unauthorized privilege escalation, immediate containment or isolation is critical if patching is delayed.

  • Apply the security update for ASP.NET Core.
  • Isolate affected services if patching is not immediate.
  • Monitor for unauthorized access attempts.

Frequently asked questions

What is Microsoft ASP.NET Core and its purpose?

Microsoft ASP.NET Core is a free, open-source framework designed for creating modern web applications. It enables developers to build dynamic and interactive online services like websites, APIs, and microservices that are accessible globally.

What type of weakness does CVE-2026-40372 describe?

CVE-2026-40372 details a weakness identified as CWE-347, which relates to improper verification of cryptographic signatures. This means the software fails to correctly validate digital signatures, potentially allowing untrusted data to be accepted.

How can an attacker exploit this ASP.NET Core vulnerability?

An unauthenticated attacker can exploit this vulnerability over a network by bypassing signature verification. This allows them to gain unauthorized access and potentially elevate their privileges, leading to impersonation or unauthorized modification/execution of sensitive operations.

What is the relevance of CVE-2026-40372 concerning the Halo Surface Signal?

The Halo Surface Signal indicates this CVE is 'Likely' to be exploited because ASP.NET Core is a widely used framework for web applications and APIs. The vulnerability's location in the authentication middleware, a standard component for securing web traffic, makes it prevalent in internet-facing deployments accessible to external users.

What is the recommended response to this ASP.NET Core vulnerability?

The immediate priority is to apply the security update for ASP.NET Core, especially for services exposed to the network that handle authentication. If patching cannot be done immediately, isolating affected services and monitoring for any unauthorized access attempts is critical due to the potential for privilege escalation.

References

Sources and related resources

Primary sources: NVD, CVE.org.

NVDPublished Modified