Home
HIGH: 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10.0.0 (custom) before 10.0.6
affected
8.0.0 (custom) before 8.0.29
affected
9.0.0 (custom) before 9.0.18
affected
17.12.0 (custom) before 17.12.22
affected
17.14.0 (custom) before 17.14.36
affected
18.0 (custom) before 18.7.4
affected
Description
Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network.
Problem types
CWE-302: Authentication Bypass by Assumed-Immutable Data
CWE-863: Incorrect Authorization
CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
Product status
References
msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47303 (ASP.NET Core Elevation of Privilege Vulnerability)