CRITICALData BreachACTIVE
The Hacker News: Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug
April 22, 2026
Incident Summary
Microsoft released an emergency patch for CVE-2026-40372, described as a critical privilege escalation vulnerability in ASP.NET Core. The issue carries a CVSS score of 9.1 and could allow attackers to gain elevated system access. The incident matters because successful exploitation could increase attacker control over affected systems. Potentially affected parties include organizations using ASP.NET Core in their environments, particularly those that have not applied the patch. Limited public details are available beyond the patch release and the stated impact.
Incident Details
- Type
- Data Breach
- Severity
- CRITICAL
- Status
- ACTIVE
- Date Occurred
- April 22, 2026
#hackernews#security#breach