Vulnerabilities4 min read
ASP.NET Core Bug Lets Attackers Forge Auth Cookies for SYSTEM Access
Microsoft releases emergency patch for CVE-2026-40372 (CVSS 9.1), a critical ASP.NET Core flaw allowing attackers to forge authentication cookies and gain SYSTEM privileges on Linux and macOS servers.
Marcus ChenApr 28, 2026