CVE-2026-47300: ASP.NET Core Elevation of Privilege Vulnerability
Overview
- Severity
- High (CVSS 8.8)
- CVSS Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
- Category
- Elevation of Privilege
- Exploit Status
- Not Exploited
- Exploitation Likelihood
- Less Likely
- Patch Tuesday
- 2026-Jul
- Released
- 2026-07-14
Description
Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network.
FAQ
What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could gain administrator privileges.
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Affected Products (11)
Developer Tools
- .NET 10.0 installed on Linux
- .NET 10.0 installed on Mac OS
- .NET 8.0 installed on Windows
- .NET 8.0 installed on Mac OS
- .NET 8.0 installed on Linux
- .NET 9.0 installed on Linux
- .NET 9.0 installed on Mac OS
- .NET 9.0 installed on Windows
- Microsoft Visual Studio 2022 version 17.12
- Microsoft Visual Studio 2022 version 17.14
- Microsoft Visual Studio 2026 version 18.7
Security Updates (6)
Acknowledgments
Artur Stetsko
Revision History
- 2026-07-14: Information published.