Listen to this Post
How CVE-2026-40372 works:
The vulnerability resides in the authenticated encryption routine of `Microsoft.AspNetCore.DataProtection` NuGet packages versions 10.0.0 through 10.0.6. The bug is an improper cryptographic signature verification (CWE-347). Specifically, the HMAC tag validation logic contains a flaw where a ciphertext bearing an all-zero HMAC tag is incorrectly accepted as valid. Under normal operation, the decryption routine would reject any tampered payload; however, the broken validation allows an attacker to submit specially crafted ciphertexts. By observing the application’s behavior (e.g., timing differences or error messages), the attacker can perform a padding-oracle attack – similar to MS10-070. This enables two critical primitives: first, decryption of arbitrary protected payloads (such as authentication cookies, anti-forgery tokens, or state parameters); second, forging new valid ciphertexts, including authentication cookies that impersonate any user. Because the affected code runs on Linux, macOS, and non-Windows systems (or any platform when using net462/netstandard2.0 assets), the attacker can remotely send malicious requests without authentication. Successful exploitation yields valid signed tokens for a privileged account, leading to elevation of privilege. The attacker can then induce the application to issue legitimate session refresh tokens, API keys, password reset links, or other long-lived artifacts. After upgrading to 10.0.7, forged all-zero HMAC payloads are rejected, but any tokens issued during the vulnerable window remain valid unless the DataProtection key ring is rotated.
dailycve form:
Platform: ASP.NET Core
Version: 10.0.0-10.0.6
Vulnerability: Signature verification bypass
Severity: Critical (9.1)
date: 2026-04-21
Prediction: Patch date 2026-04-21
What Undercode Say:
Analytics
Check installed Microsoft.AspNetCore.DataProtection version dotnet list package --include-transitive | grep Microsoft.AspNetCore.DataProtection Detect vulnerable runtime load (Linux/macOS) grep -r "Microsoft.AspNetCore.DataProtection, Version=10.0." /app/bin/ Simulate affected condition: no Microsoft.AspNetCore.App reference dotnet new console && dotnet add package Microsoft.AspNetCore.DataProtection -v 10.0.6 Rotate DataProtection keys (C code snippet) dotnet run --project KeyRotation.cs
How Exploit:
- Capture a protected payload (e.g., authentication cookie) from the target.
- Modify the ciphertext and set its HMAC tag to all zeros.
- Send the manipulated payload to any endpoint that decrypts it (login, antiforgery, state parameter).
- Observe padding oracle side-channels (timing/error differences) to recover plaintext.
- Forge a valid ciphertext for a privileged user with all-zero HMAC.
- Use the forged cookie to authenticate as admin and request refresh tokens.
Protection from this CVE
- Upgrade `Microsoft.AspNetCore.DataProtection` to 10.0.7 or later.
- Rotate the DataProtection key ring using `RevokeAllKeys` or
RevokeKey. - If on Windows or using shared framework ≥10.0.6, you are not affected.
- Audit and rotate long-lived artifacts issued during the vulnerable window (API keys, refresh tokens, password reset links).
- Review web logs for high-volume anomalous requests to protected endpoints.
Impact:
Elevation of Privilege (9.1 Critical). Attacker gains ability to decrypt any protected payload, forge authentication cookies, impersonate any user, and induce the application to issue legitimately-signed tokens (session, API keys, password resets). Confidentiality and integrity are fully compromised; availability is not affected. Persistent tokens survive patching unless key ring is rotated.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

