🟠 High | Source: Microsoft Security Response Center
A vulnerability in ASP.NET Core contains a flaw in how authentication is implemented, allowing an already-authenticated attacker to gain higher levels of access than they should have over a network. This is a privilege escalation issue, meaning an attacker who has limited access could abuse this flaw to obtain broader control. Applications hosted on Azure or any infrastructure running affected versions of ASP.NET Core are at risk.
Security Architect’s Take: Identify all workloads running affected versions of ASP.NET Core — particularly those exposed to external or multi-tenant network traffic — and prioritise patching via Microsoft’s update guidance. In the interim, consider enforcing stricter network segmentation and reviewing application-level authorisation controls to limit the blast radius of any exploitation.
Original advisory: CVE-2026-47300 ASP.NET Core Elevation of Privilege Vulnerability