Microsoft released an emergency patch for its ASP.NET Core to fix a high severity vulnerability that allows unauthenticated attackers to gain SYSTEM privileges on devices that use the Web development framework to run Linux or macOS apps. The software maker said Tuesday evening that the vulnerability, tracked as CVE 2026 40372, affects versions 10.0.0 through 10.0.6 of the Microsoft.AspNetCore.DataProtection NuGet, a package thats part of the framework. The critical flaw stems from a faulty...
