🟠 High | Source: Microsoft Security Response Center
A vulnerability in ASP.NET Core allows an already-authenticated attacker to gain higher privileges than they should have by exploiting data that the application incorrectly assumes cannot be changed. This means an attacker with limited access could potentially escalate to broader control over affected systems or resources. Applications hosted on Azure or any cloud environment running ASP.NET Core are at risk if left unpatched.
Security Architect’s Take: Audit all ASP.NET Core workloads running in your Azure environment and apply the relevant Microsoft security patch immediately; also review your defence-in-depth controls such as least-privilege role assignments and network segmentation to limit the blast radius of any privilege escalation attempt.
Original advisory: CVE-2026-47303 ASP.NET Core Elevation of Privilege Vulnerability