微软于近日紧急发布了针对ASP.NET Core的安全补丁，以修复一个高危漏洞。该漏洞允许未经身份验证的攻击者在使用该Web开发框架运行Linux或macOS应用程序的设备上获取SYSTEM级别权限。 微软表示，此漏洞被追踪编号为CVE-2026-40372，影响Microsoft.AspNetCore.DataProtection NuGet ...

Microsoft released an emergency patch for its ASP.NET Core to fix a high-severity vulnerability that allows unauthenticated attackers to gain SYSTEM privileges on devices that use the Web development ...

When authentication fails, things can go very, very wrong. I think this disclosure is mostly fine but I do feel that it didn't give quite enough air space to the things that reference it. Entity ...