.NET 10.0.7 Ships Out-of-Band to Fix CVE-2026-40372 in ASP.NET Core Data Protection
A HMAC validation flaw in Microsoft.AspNetCore.DataProtection 10.0.0 through 10.0.6 lets attackers forge ciphertexts. .NET 10.0.7 is the mandatory fix.
Tag: data-protection
1 post