Microsoft Releases Emergency .NET 10.0.7 Update to Patch Elevation of Privilege Vulnerability

Microsoft has released an emergency .NET 10.0.7 update to fix a critical elevation of privilege vulnerability (CVE-2026-40372) in the Microsoft.AspNetCore.DataProtection NuGet package, affecting versions 10.0.0 through 10.0.6. This vulnerability could allow attackers to bypass integrity validation and escalate privileges, and Microsoft strongly advises immediate updating of the package.