Microsoft Issues Out-of-Band Fix; Rebuild Apps, Rotate Tokens

Security teams woke up to a rare blend of urgency and subtlety: a cryptographic regression in ASP.NET Core quietly broke authenticity checks for tokens and cookies while everything else kept working normally. The result was a swift out-of-band fix and an equally swift reassessment of how trust is built, shipped, and renewed across modern web stacks. The purpose here is to lay out what changed, why it matters, and how to approach remediation with confidence rather than haste.

This FAQ explains the vulnerability tied to CVE-2026-40372, why the patch alone is not enough, and what concrete steps restore integrity. Readers can expect clear answers on affected platforms, detection methods, operational impacts—especially for containers—and the sequence for rebuilding apps, rotating keys, and retiring risky tokens.

Setting the Stage

Microsoft released a corrective build after a regression in .NET 10.0.6 changed how the ManagedAuthenticatedEncryptor computed HMAC validation tags, introducing an incorrect offset that broke integrity verification. That meant forged payloads could pass as genuine, undermining the safeguards backing auth cookies, anti-forgery tokens, OIDC state parameters, and TempData.

The hotfix moves frameworks to 10.0.7, but the story does not end with updated servers. Many apps embed the affected library at build time, so the vulnerable bits ride along inside containers and self-contained deployments. Moreover, tokens minted during the window of exposure remain dangerous unless deliberately expired and replaced.

Frequently Asked Questions

What exactly went wrong with Data Protection in .NET 10.0.6?

The regression altered the HMAC validation process by using an incorrect offset, weakening the integrity check that signals whether a protected payload was tampered with. In practical terms, an attacker could craft a payload that looked authentic enough to pass verification and be accepted by the application.

Because ASP.NET Core leans on Data Protection for both confidentiality and authenticity, the effect was broad. Artifacts such as authentication cookies and anti-forgery tokens were exposed to the same weakness. The issue is tracked as CVE-2026-40372 with a CVSS score of 9.1, reflecting the risk that forged tokens could impersonate users or subvert critical defenses.

Which platforms and deployment styles are affected?

Linux, macOS, and other non-Windows environments are implicated by default because they rely on managed algorithms. Windows applications are affected when managed algorithms were explicitly enabled via UseCustomCryptographicAlgorithms. Projects pinned to 10.0.x that consume netstandard2.0 or net462 assets from the flawed NuGet package are also at risk, impacting back-compat scenarios.

Deployment style matters. Container images and self-contained builds often embed the Data Protection assembly during publish. In those cases, host updates to 10.0.7 do not swap out the vulnerable code inside existing artifacts, so workloads must be rebuilt and redeployed.

Why is patching servers not sufficient?

Even with 10.0.7 installed, any application bundled with the flawed library at build time still carries the defect. Framework-dependent deployments on patched hosts fare better, but images built during the vulnerable period do not magically fix themselves.

There is also a trust residue. Tokens and cookies issued while validation was weakened may remain valid. If an attacker forged a payload or captured a legitimate token during that window, that artifact could continue to confer access until it is explicitly invalidated or expires.

How can teams tell whether their applications are impacted?

Start with build provenance. Review CI/CD logs for build times after April 14 and before adoption of 10.0.7. Any images or binaries produced in that window are candidates for rebuild. Next, inspect package references using dotnet list package or by checking the .csproj for Microsoft.AspNetCore.DataProtection 10.0.6.

Operational clues help too. Look for spikes in “The payload was invalid” errors, anomalous session churn, or unexpected user sign-outs correlated with the 10.0.6 rollout. While these symptoms are not proof of exploitation, they can confirm that the regression affected live authentication flows.
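The two checks above, build provenance by package pin and the error-rate signal, as an added POSIX shell example that is not from the article or from Microsoft. It scans a source tree for projects that pin Microsoft.AspNetCore.DataProtection at 10.0.6 and counts "The payload was invalid" records per hour; the project tree and log lines are constructed samples, and the log format (ISO-8601 UTC timestamp first) is an assumption.

```shell
#!/bin/sh
# Added example (not from the article): two "are we impacted?" checks.
# (1) List projects pinning Microsoft.AspNetCore.DataProtection at the
# regressed 10.0.6. (2) Count "The payload was invalid" records per hour
# so a spike can be correlated with the 10.0.6 rollout. The project tree
# and log below are constructed samples; pass real paths in their place.

# Print "<csproj> <version>" for each project pinned at 10.0.6.
find_affected_projects() {
  find "$1" -name '*.csproj' | sort | while read -r proj; do
    ver=$(grep 'Include="Microsoft.AspNetCore.DataProtection"' "$proj" \
            | sed -n 's/.*Version="\([^"]*\)".*/\1/p')
    if [ "$ver" = "10.0.6" ]; then echo "$proj $ver"; fi
  done
}

# Print "<hour>:00 <count>" for hours with at least $2 validation failures
# in log $1. Assumes each record starts with an ISO-8601 UTC timestamp.
payload_error_spikes() {
  grep 'The payload was invalid' "$1" | cut -c1-13 | sort | uniq -c \
    | awk -v t="$2" '$1 >= t { print $2 ":00 " $1 }'
}

# Constructed sample tree: one project still on 10.0.6, one already rebuilt.
DEMO_ROOT=$(mktemp -d)
mkdir -p "$DEMO_ROOT/Portal" "$DEMO_ROOT/Api"
cat > "$DEMO_ROOT/Portal/Portal.csproj" <<'EOF'
<Project Sdk="Microsoft.NET.Sdk.Web"><ItemGroup>
  <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="10.0.6" />
</ItemGroup></Project>
EOF
cat > "$DEMO_ROOT/Api/Api.csproj" <<'EOF'
<Project Sdk="Microsoft.NET.Sdk.Web"><ItemGroup>
  <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="10.0.7" />
</ItemGroup></Project>
EOF

# Constructed sample log: a burst of validation failures within one hour.
DEMO_LOG="$DEMO_ROOT/app.log"
cat > "$DEMO_LOG" <<'EOF'
2026-04-15T08:02:11Z info: Request finished HTTP/1.1 GET /login - 200
2026-04-15T08:41:37Z fail: The payload was invalid.
2026-04-15T09:03:05Z fail: The payload was invalid.
2026-04-15T09:03:09Z fail: The payload was invalid.
2026-04-15T09:07:44Z fail: The payload was invalid.
2026-04-15T10:15:20Z info: Request finished HTTP/1.1 GET / - 200
EOF

find_affected_projects "$DEMO_ROOT"   # .../Portal/Portal.csproj 10.0.6
payload_error_spikes "$DEMO_LOG" 3    # 2026-04-15T09:00 3
```

Direct PackageReference pins are only part of the picture: `dotnet list package --include-transitive` shows the version that actually restores, and framework-dependent apps take the assembly from the installed shared framework rather than from the project file.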

What immediate remediation steps should be taken?

Update to 10.0.7 or later and then rebuild all affected applications. Replace container images end to end, not just base layers, and redeploy. After code is clean, rotate Data Protection keys and force expiration of authentication cookies, session tokens, anti-forgery tokens, and any other artifacts minted during exposure.

Finally, validate. Confirm that authenticity checks behave correctly, that users are prompted to reauthenticate, and that error rates return to normal baselines. This sequence—patch, rebuild, rotate, verify—closes the hole and resets trust.

What specific risks does this vulnerability create?

The central danger is broken authenticity with a side risk to confidentiality. A forged auth cookie could impersonate a user, potentially escalating privileges if administrative accounts were targeted. Manipulated anti-forgery tokens can weaken CSRF protections, while tampered TempData or OIDC state may skew login or consent flows.

A troubling scenario emerges when a forged or captured token enables issuance of new, long-lived tokens under a powerful identity. Without revocation and rotation, that transient breach can harden into persistent compromise.

Why are containers a special concern here?

Containers snapshot application code and dependencies at build time. When a library inside the image is flawed, patching the host cannot repair running containers. The only remedy is to rebuild images with the fixed package, retag, and redeploy across environments, ensuring old digests are fully retired.

This supply chain reality widens the blast radius: multiple services often share a base image or a common pipeline. Thorough inventory and coordinated rebuilds become essential to avoid stragglers that continue to run vulnerable bits.

How does this compare to past ASP.NET incidents?

Recent memory includes the Kestrel CVE-2025-55315, which underscored how core web components can amplify operational impact. A more distant echo is MS10-070 in classic ASP.NET, where cryptographic flaws forced emergency patches and sweeping resets. The throughline is clear: small cryptographic mistakes trigger large operational responses.

This event fits that pattern. The vulnerability is nuanced, but the response must be broad—code fixes paired with a trust reset—because authentication systems hinge on properties that cannot be half-repaired.

Recap and Next Steps

The flaw, CVE-2026-40372, stemmed from an HMAC offset error in .NET 10.0.6 that undermined Data Protection’s integrity checks. Microsoft shipped 10.0.7 out of band, but real remediation required more: rebuilding affected apps, redeploying containers, rotating keys, and invalidating tokens and cookies created during exposure.

Key takeaways are straightforward. Host updates alone do not fix embedded dependencies. Tokens issued while validation was broken must not be trusted. Containers require full-image rebuilds, not partial patches. And verification after redeploy—through reauth prompts and normalized error rates—closes the loop.

For deeper reading, review Microsoft’s security advisories for ASP.NET Core, the Data Protection documentation, and incident analyses covering Kestrel CVE-2025-55315 and MS10-070 for historical parallels and lessons learned.

Final Thoughts

This incident reinforced how fragile trust can be when cryptographic primitives slip, and it placed the spotlight on operational rigor as much as code quality. The sound path forward centered on shipping the fixed bits, rebuilding everything that carried the flaw, and executing a deliberate token and key rotation to wipe away residual risk.

Teams that cataloged builds, traced dependency versions, and enforced image retirement policies ended up with cleaner estates and better playbooks. The outcome also emphasized a durable lesson: security posture rests on both fast patches and disciplined trust resets, with containers and legacy compatibility targets demanding special care.
