Vulnerability intelligence
CVE-2026-40372
Official description is being retrieved from NVD — refresh shortly.
CVSS Score
9.1
Critical
EPSS — Exploit Probability
0.0%
Riskier than 0% of all CVEs
Exploitation
Not in CISA KEV
No federal exploitation record
Remediation
Patch available
Vendor fix published
3 articles across 3 outlets · first covered Apr 22, 2026 · latest Apr 22, 2026
Coverage timeline
-
Emergency ASP.NET Core patch fixes CVE-2026-40372 Linux/macOS flawarstechnica.com · Apr 22, 2026
-
Microsoft issues emergency fix for ASP.NET Core SYSTEM flawsecurityaffairs.com · Apr 22, 2026
-
Microsoft fixes ASP.NET Core privilege escape CVE-2026-40372thehackernews.com · Apr 22, 2026