CVE-2026-47300: ASP.NET Core Elevation of Privilege Vulnerability

Overview

Severity
High (CVSS 8.8)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Category
Elevation of Privilege
Exploit Status
Not Exploited
Exploitation Likelihood
Less Likely
Patch Tuesday
2026-Jul
Released
2026-07-14

Description

Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network.

FAQ

What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain administrator privileges. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Affected Products (11)

Developer Tools

  • .NET 10.0 installed on Linux
  • .NET 10.0 installed on Mac OS
  • .NET 8.0 installed on Windows
  • .NET 8.0 installed on Mac OS
  • .NET 8.0 installed on Linux
  • .NET 9.0 installed on Linux
  • .NET 9.0 installed on Mac OS
  • .NET 9.0 installed on Windows
  • Microsoft Visual Studio 2022 version 17.12
  • Microsoft Visual Studio 2022 version 17.14
  • Microsoft Visual Studio 2026 version 18.7

Security Updates (6)

Acknowledgments

Artur Stetsko

Revision History

  • 2026-07-14: Information published.