CVEDB API

Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 6.3%

CVSS Severity

CVSS v3 Score 9.1

References

Products affected by CVE-2026-40372

Microsoft » Asp.net Core » Version: 10.0.0

cpe:2.3:a:microsoft:asp.net_core:10.0.0
Microsoft » Asp.net Core » Version: 10.0.1

cpe:2.3:a:microsoft:asp.net_core:10.0.1
Microsoft » Asp.net Core » Version: 10.0.2

cpe:2.3:a:microsoft:asp.net_core:10.0.2
Microsoft » Asp.net Core » Version: 10.0.3

cpe:2.3:a:microsoft:asp.net_core:10.0.3
Microsoft » Asp.net Core » Version: 10.0.4

cpe:2.3:a:microsoft:asp.net_core:10.0.4
Microsoft » Asp.net Core » Version: 10.0.5

cpe:2.3:a:microsoft:asp.net_core:10.0.5
Microsoft » Asp.net Core » Version: 10.0.6

cpe:2.3:a:microsoft:asp.net_core:10.0.6