DigiNews

Summary

Ars Technica reports on a emergency patch for ASP.NET Core to fix a high-severity vulnerability (CVE-2026-40372) that could let unauthenticated attackers gain SYSTEM privileges on macOS and Linux. The flaw stems from faulty cryptographic signature verification in DataProtection, and forged credentials can survive patching if keys aren’t rotated; Microsoft advises updating to 10.0.7 and rotating the DataProtection key ring, plus auditing long-lived artifacts. Windows deployments are not affected by default, but cross-platform apps must apply the patch and perform remediation steps.