#data-protection

Related: #aspnet · 1 #cve-2026-40372 · 1 #dotnet · 1 #microsoft · 1 #out-of-band-patch · 1 #supply-chain · 1

Microsoft .NET blog post image for the 10.0.7 out-of-band security update

Microsoft rushed an out-of-band ASP.NET Core patch. If you shipped between April 14 and April 21, you need to rebuild.

CVE-2026-40372 lets attackers forge auth cookies on .NET 10.0.6 apps on Linux and macOS. The fix is 10.0.7. Here's what broke, who's exposed, and how to patch.