Aspnet Core

All articles tagged with #aspnet core

Microsoft rolls emergency patch to fix macOS/Linux ASP.NET Core privilege escalation
technology · 1 month ago

Microsoft issued an emergency update for ASP.NET Core's DataProtection package (versions 10.0.0–10.0.6) to fix a high-severity flaw (CVE-2026-40372) that allowed unauthenticated attackers on macOS and Linux to forge authentication tokens and gain SYSTEM privileges. Upgrade to 10.0.7 immediately, rotate the DataProtection key ring, and audit long-lived artifacts, since forged tokens could remain valid after patching.

Microsoft patches critical ASP.NET Core data-protection flaw to curb cookie forgery
security · 1 month ago

Microsoft released out-of-band security updates for a critical ASP.NET Core Data Protection vulnerability (CVE-2026-40372) that could let unauthenticated attackers forge authentication cookies and gain SYSTEM privileges. The flaw comes from a regression in the 10.0.0–10.0.6 NuGet packages, which could cause forged payloads to bypass authenticity checks; upgrading to 10.0.7 and redeploying with a rotated DataProtection key ring fixes the issue. This follows April’s Patch Tuesday and includes additional out-of-band Windows Server fixes. No service disruption is reported, but applications using DataProtection should update promptly to prevent token forgery and data exposure.

Microsoft Releases Urgent Patch for ASP.NET Core Privilege Escalation (CVE-2026-40372)
technology · 1 month ago

Microsoft issued out-of-band updates to fix a critical ASP.NET Core vulnerability (CVE-2026-40372) that could let an attacker escalate to SYSTEM by forging tokens when a vulnerable DataProtection NuGet package (Microsoft.AspNetCore.DataProtection 10.0.0–10.0.6) is loaded at runtime on non-Windows systems. The fix is in ASP.NET Core 10.0.7; exploitation requires the vulnerable package, a non-Windows OS, and the app running with the library loaded. If tokens were issued during the vulnerability window, they remain valid after upgrading until the DataProtection key ring is rotated.

QNAP Alerts Users to Critical ASP.NET Vulnerability in Backup Software
technology · 7 months ago

QNAP has issued a warning about a critical security flaw in its Windows backup software and NetBak PC Agent, related to the CVE-2025-55315 vulnerability in ASP.NET Core, which could allow attackers to hijack credentials or bypass security controls. Users are advised to update their ASP.NET Core runtime or reinstall the affected applications to mitigate risks. This follows previous security updates QNAP released for other vulnerabilities in its backup solutions.