Microsoft Issues Critical Update for ASP.NET Vulnerability

Microsoft has released an emergency update, version 10.0.7, for its ASP.NET Core framework to address a critical vulnerability (CVE-2026-40372) that allows unauthenticated attackers to gain SYSTEM privileges on Linux and macOS devices. This high-severity flaw stems from improper cryptographic signature verification, which could allow malicious entities to forge authentication payloads and compromise security, particularly during HMAC validation processes. The vulnerability impacts versions 10.0.0 to 10.0.6 of the Microsoft.AspNetCore.DataProtection NuGet package. Users running affected versions are advised to immediately upgrade to mitigate risks.