CVE-2026-40372 - Vulnerability Analysis
CriticalCVSS: 9.1Last Updated: April 21, 2026
ASP.NET Core - Authentication Bypass
Overview
ASP.NET Core contains a broken authentication caused by improper verification of cryptographic signature, letting unauthorized attackers elevate privileges over a network, exploit requires network access.
Severity & Score
Impact
Unauthorized attackers can elevate privileges over the network, potentially gaining unauthorized access or control.
Mitigation
Update to the latest version of ASP.NET Core.
Social Media Activity(2 posts)
š“ CVE-2026-40372 - Critical (9.1) Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. š https://www.thehackerwire.com/vulnerability/CVE-2026-40372/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š“ CVE-2026-40372 - Critical (9.1) Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. š https://www.thehackerwire.com/vulnerability/CVE-2026-40372/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-40372
- Severity
- Critical
- CVSS Score
- 9.1
- Type
- broken_authentication
- Status
- new
- EPSS
- 0.0%
- Social Posts
- 2
CWE
- CWE-347
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N