Apr 22, 2026mediumzero-dayexploited in the wild

Microsoft releases emergency patches for critical ASP.NET flaw

Microsoft has released out-of-band (OOB) security updates to patch a critical ASP.NET Core privilege escalation vulnerability. The security flaw (tracked as CVE-2026-40372 ) was found in the ASP.

what's affecteddevices by forging authentication cookies

mitigation statusMonitoring updates

first reportedApr 22, 2026

social pulse

mentions (24h)510

velocitytrend up

mentions delta+3% vs yesterday

platform splitX 55% · Reddit 18% · GitHub 27%

keywords

zero-dayvulnerabilitymitigation

x analyticsheat 0

authors 0verified 0%

likes0

retweets0

replies0

quotes0

summaryConversation is accelerating with active-response chatter and exploit validation.

sources

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-security-updates-for-critical-aspnet-flaw/

Curated Apr 22, 2026 by the ahackaday team./Sources verified./Brief grounded in 1 source.

Grace Your AI security internreadyGrace is ready

Grounded in this brief only — Microsoft releases emergency patches for critical ASP.NET flaw. Press ⌘K any time.

You're answering aschange anytime

Pick a playor type your own ↓

Tone

Pick a play above, or type your question

Generate an answer and Grace will return a grounded response for this incident.

scanning advisory feeds…