https://cybercrime.club/tags/aspnet-core/Infrastructure security news for people who build infrastructure.Hugo -- gohugo.ioen-usSat, 25 Apr 2026 11:09:39 -0400https://cybercrime.club/posts/aspnet-core-cve-2026-40372-dataprotection-signature-bypass/Sat, 25 Apr 2026 11:09:39 -0400https://cybercrime.club/posts/aspnet-core-cve-2026-40372-dataprotection-signature-bypass/Microsoft's out-of-band patch fixes a CVSS 9.1 signature-verification bug in ASP.NET Core DataProtection that lets unauthenticated attackers forge cookies and decrypt protected payloads. Tokens minted during the exposure window stay valid after upgrade — you have to rotate the key ring.vulnerability