April 22, 2026
Microsoft patches critical ASP.NET Core Data Protection flaw CVE-2026-40372. Attackers can forge auth cookies and gain SYSTEM privileges. Update now.
