Home
HIGH: 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10.0.0 (custom) before 10.0.6
affected
8.0.0 (custom) before 8.0.29
affected
9.0.0 (custom) before 9.0.18
affected
17.12.0 (custom) before 17.12.22
affected
17.14.0 (custom) before 17.14.36
affected
18.0 (custom) before 18.7.4
affected
Description
Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network.
Problem types
CWE-303: Incorrect Implementation of Authentication Algorithm
Product status
References
msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47300 (ASP.NET Core Elevation of Privilege Vulnerability)