CRITICALData BreachACTIVE
The Hacker News: Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug
April 22, 2026
Incident Summary
Microsoft released a patch for a critical privilege escalation vulnerability in ASP.NET Core identified as CVE-2026-40372 with a CVSS score of 9.1. The flaw could allow attackers to escalate privileges on affected systems. The incident is relevant to organizations and developers operating ASP.NET Core applications, particularly where vulnerable versions are deployed. Limited public details are available in the provided signal beyond the existence of the vulnerability and that a patch has been issued.
Incident Details
- Type
- Data Breach
- Severity
- CRITICAL
- Status
- ACTIVE
- Date Occurred
- April 22, 2026
#hackernews#security#breach