Improper verification of cryptographic signatures in ASP.NET Core allows an attacker who can supply a forged signature to bypass normal authentication checks and gain elevated privileges. The vulnerability stems from an absence of proper signature validation, causing the system to accept untrusted data as a valid authorization token. As a result, an unauthorized user can obtain higher-level access than intended, potentially modifying protected resources or configuration values within the application.

Microsoft ASP.NET Core 10.0 on all platforms that support this runtime, and Microsoft Visual Studio 2026 version 18.5. Any deployment that relies on the framework’s default signature validation path is susceptible, regardless of custom authentication components.

The CVSS score of 9.1 indicates a high severity flaw. The EPSS score of 10% shows a relatively high likelihood of exploitation at the time of this analysis, and the issue is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is over the network, where an attacker can inject a forged signature into an authentication request directed at an endpoint that performs the flawed verification. Exploitation requires the ability to send a signed request to that endpoint; if successful, the attacker elevates privileges within the ASP.NET Core application and can act as an authenticated user with full rights.