{"id":99260,"date":"2026-05-07T19:27:54","date_gmt":"2026-05-07T19:27:54","guid":{"rendered":"https:\/\/mybusinessfuture.com\/cve-2026-40372-in-asp-net-core-was-dach-mittelstaendler-an\/"},"modified":"2026-05-11T07:50:41","modified_gmt":"2026-05-11T07:50:41","slug":"cve-2026-40372-in-asp-net-core-was-dach-mittelstaendler-an","status":"publish","type":"post","link":"https:\/\/mybusinessfuture.com\/en\/cve-2026-40372-in-asp-net-core-was-dach-mittelstaendler-an\/","title":{"rendered":"Open Door in the Mid-Market Bank&#8217;"},"content":{"rendered":"<p style=\"color:#888;font-size:0.9em;margin:0 0 16px;padding:0;\">5 min read<\/p>\n<p style=\"line-height:1.8;margin-bottom:20px;\"><strong>A critical vulnerability in the most widely used .NET component allows attackers to escalate privileges without logging in. Patches have been available for a long time, yet mid-sized companies relying on external hosts or ISVs have no control over the update process.<\/strong><\/p>\n<h2 style=\"padding-top:64px;margin-bottom:20px;\">Key Takeaways<\/h2>\n<ul>\n<li><strong>Exploitable remotely without authentication:<\/strong> CVE-2026-40372 is network-based, not local. Any company running ASP.NET Core in a customer portal, partner API, or publicly accessible B2B application faces a direct risk, not just an inventory concern.<\/li>\n<li><strong>Mid-sized companies are affected more than expected:<\/strong> Industry-specific software, accounting frontends, logistics tracking apps, and service portals in many firms run on .NET 6, 7, or 8. Often hosted by a provider that does not automatically track patch status.<\/li>\n<li><strong>Patch is available\u2014distribution is the issue:<\/strong> Microsoft provides updates for .NET 6 LTS, .NET 7 (out of support since May 2024), and .NET 8 LTS. Companies still on .NET 7 officially receive no fix\u2014the most challenging scenario for mid-sized firms.<\/li>\n<\/ul>\n<p style=\"font-size:0.88em;color:#666;margin:20px 0 32px 0;border-top:1px solid #e5e5e5;border-bottom:1px solid #e5e5e5;padding:10px 0;\"><span style=\"color:#202528;font-weight:700;text-transform:uppercase;font-size:0.72em;letter-spacing:0.14em;margin-right:14px;\">Related:<\/span><a href=\"https:\/\/mybusinessfuture.com\/en\/eudi-wallet-deadline-looms\/\" style=\"color:#333;text-decoration:underline;\">EUDI Wallet from Pilot Rollout 2026<\/a>&nbsp;&nbsp;<span style=\"color:#ccc;\">\/<\/span>&nbsp;&nbsp;<a href=\"https:\/\/mybusinessfuture.com\/en\/gartner-s-2-52-trillion-ai-spending-forecast-how-mid-market\/\" style=\"color:#333;text-decoration:underline;\">Gartner AI Spending 2026<\/a><\/p>\n<h2 style=\"padding-top:64px;margin-bottom:20px;\">What the vulnerability actually does<\/h2>\n<p style=\"line-height:1.8;margin-bottom:20px;\"><strong>What is CVE-2026-40372?<\/strong> CVE-2026-40372 is a critical flaw in ASP.NET Core where cryptographic signature verification is inadequately implemented. Attackers can send manipulated requests with forged or bypassed signatures to escalate permissions\u2014without prior authentication. Microsoft rates the flaw CVSS 9.1, marking it critical. It was published in the NVD on 21 April 2026 and affects all currently supported .NET versions.<\/p>\n<p style=\"line-height:1.8;margin-bottom:20px;\">The vulnerable component sits in the authentication and token verification layer. Applications using JWT tokens, signed cookies, or OAuth flows are prime targets. In practice, virtually every ASP.NET Core application with login functionality is exposed. The attack can be executed over the public internet as soon as the endpoint is reachable.<\/p>\n<div style=\"text-align:center;background:#f8f9fa;border-radius:12px;padding:32px 24px;margin:32px 0;\">\n<div style=\"font-size:48px;font-weight:700;color:#202528;letter-spacing:-0.03em;\">CVSS 9.1<\/div>\n<div style=\"font-size:15px;color:#444;margin-top:8px;\">Microsoft\u2019s own rating of CVE-2026-40372 \u2013 critical, network-exploitable without authentication.<\/div>\n<div style=\"font-size:12px;color:#888;margin-top:8px;\">Source: <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-40372\" target=\"_blank\" rel=\"noopener\" style=\"color:#888;\">NVD, 21.04.2026<\/a><\/div>\n<\/div>\n<div style=\"margin:32px 0;border-radius:12px;overflow:hidden;background:#f8f9fa;padding:24px;\">\n<div style=\"font-size:0.7em;text-transform:uppercase;letter-spacing:2px;color:#F21F05;margin-bottom:16px;\">CORE STATS<\/div>\n<div style=\"display:flex;align-items:center;padding:12px 0;border-bottom:1px solid #e9ecef;\">\n<div style=\"font-size:clamp(1.3em,4vw,1.8em);font-weight:800;color:#F21F05;min-width:140px;flex-shrink:0;white-space:nowrap;\">62 percent<\/div>\n<div style=\"font-size:0.85em;color:#495057;\">in AI governance<\/div>\n<\/div>\n<div style=\"display:flex;align-items:center;padding:12px 0;\">\n<div style=\"font-size:clamp(1.3em,4vw,1.8em);font-weight:800;color:#F21F05;min-width:140px;flex-shrink:0;white-space:nowrap;\">04.2026<\/div>\n<div style=\"font-size:0.85em;color:#495057;\">CVE-2026-40372 classified critical: a signature verification flaw<\/div>\n<\/div>\n<\/div>\n<h2 style=\"padding-top:64px;margin-bottom:20px;\">Why SMEs are more affected than the statistics suggest<\/h2>\n<p style=\"line-height:1.8;margin-bottom:20px;\">Cloud market statistics show ASP.NET as a smaller share compared to Java or Node. In DACH mid-market practice, however, the picture looks different. Three common scenarios emerge.<\/p>\n<p style=\"line-height:1.8;margin-bottom:20px;\">First: industry-specific software built on .NET. Many solutions for trades, logistics, healthcare or mechanical engineering grew as Windows stacks and added a web front-end with ASP.NET Core. Often, an IT service provider or reseller hosts the application. If you don\u2019t actively request the patch status, you\u2019ll get the update at best during the next maintenance window.<\/p>\n<p style=\"line-height:1.8;margin-bottom:20px;\">Second: in-house customer portals. Most mid-market portals for ordering, status tracking or service tickets are built with .NET 6 or 8 because .NET expertise exists in-house. These custom developments are patched centrally less often than off-the-shelf standard software. Without a clearly defined owner for framework updates, you have an open flank here.<\/p>\n<p style=\"line-height:1.8;margin-bottom:20px;\">Third: legacy on .NET 7. Microsoft ended support for .NET 7 in May 2024. Anyone still running it won\u2019t receive an official patch for CVE-2026-40372. The reality in many companies: the upgrade to .NET 8 was postponed because other priorities took precedence. These stacks now need a deliberate decision\u2014migration or compensating controls such as a web application firewall with signature-validation rules.<\/p>\n<blockquote style=\"margin:32px 0;padding:24px 28px;background:linear-gradient(135deg,#fff5f5 0%,#ffe8e8 100%);border-left:4px solid #F21F05;border-radius:0 8px 8px 0;font-size:1.25em;line-height:1.5;color:#495057;font-style:italic;font-weight:600;\"><p>\n \u201eOn 21 April 2026 Microsoft classified CVE-2026-40372 as critical: a signature-verification flaw in ASP.NET Core allows unauthenticated attackers to escalate privileges across the network.\u201c\n<\/p><\/blockquote>\n<h2 style=\"padding-top:64px;margin-bottom:20px;\">Three steps to take within the next 14 days<\/h2>\n<p style=\"line-height:1.8;margin-bottom:20px;\">First: inventory. Identify every application that uses ASP.NET Core. Contact your IT service provider and ask which .NET version is running in production and whether the CVE-2026-40372 patch has been applied. If you host in-house, run <a href=\"https:\/\/learn.microsoft.com\/en-us\/dotnet\/core\/install\/how-to-detect-installed-versions\" target=\"_blank\" rel=\"noopener\">dotnet &#8211;version<\/a> on the server.<\/p>\n<p style=\"line-height:1.8;margin-bottom:20px;\">Second: roll out patches in priority order. Start with public-facing apps\u2014everything reachable via external login. Follow with internal-only apps. For stacks stuck on .NET 7, create a mitigation plan: trigger migration to .NET 8 or deploy a WAF rule as an interim measure.<\/p>\n<p style=\"line-height:1.8;margin-bottom:20px;\">Third: check logging. Verify whether your applications record authentication anomalies. If an attacker attempts a token-verification bypass, that event should appear in the application log. Many mid-market apps log successful logins but miss failed verification attempts\u2014this is the telemetry you now need.<\/p>\n<h2 style=\"padding-top:64px;margin-bottom:20px;\">Frequently Asked Questions<\/h2>\n<details>\n<summary><strong>Which .NET versions are affected by CVE-2026-40372?<\/strong><\/summary>\n<p style=\"margin:8px 0 4px 24px;color:#555;line-height:1.6;\">Affected versions are ASP.NET Core 6.0, 7.0, and 8.0. Microsoft has released patches for the LTS (Long-Term Support) versions 6 and 8. .NET 7 reached end-of-support in May 2024, so no official fix is available. If you&#8217;re still relying on .NET 7, migration or mitigation is required.<\/p>\n<\/details>\n<details>\n<summary><strong>Do we need the patch if our application is only accessible internally?<\/strong><\/summary>\n<p style=\"margin:8px 0 4px 24px;color:#555;line-height:1.6;\">Yes, though with lower priority. Internal applications remain reachable for attackers who already have a foothold in your network. CVE-2026-40372 is network-based, which includes internal networks. Prioritize public-facing systems first, internal-only systems next\u2014both within a two-week window.<\/p>\n<\/details>\n<details>\n<summary><strong>Is a Web Application Firewall sufficient as a temporary measure?<\/strong><\/summary>\n<p style=\"margin:8px 0 4px 24px;color:#555;line-height:1.6;\">Only as a stopgap. A WAF with rules for signature-validation anomalies can detect attacks where the signature appears in headers or the request body. However, it won\u2019t catch deeper verification paths in application logic. Patching remains the cleanest solution.<\/p>\n<\/details>\n<details>\n<summary><strong>What if our IT service provider isn\u2019t responding?<\/strong><\/summary>\n<p style=\"margin:8px 0 4px 24px;color:#555;line-height:1.6;\">Send a written request specifying a deadline for patch deployment. For critical applications, escalate to the provider\u2019s executive leadership. Review your contract for SLAs\u2014most standard agreements require patching critical vulnerabilities within seven to 30 days.<\/p>\n<\/details>\n<details>\n<summary><strong>What indicators suggest an active attack?<\/strong><\/summary>\n<p style=\"margin:8px 0 4px 24px;color:#555;line-height:1.6;\">Watch for unusual authentication logs: repeated 401 responses followed by a 200 on the same endpoint. Tokens that look structurally valid but originate from unknown issuers. Requests with unusually short token lifetimes. If you use SIEM or log aggregation, set up alerts\u2014look for patterns, not isolated events.<\/p>\n<\/details>\n<h2 style=\"padding-top:64px;margin-bottom:20px;\">More from the MBF Media Network<\/h2>\n<ul style=\"list-style:none;padding:0;margin:0;\">\n<li style=\"margin-bottom:12px;\"><a href=\"https:\/\/www.cloudmagazin.com\/2026\/05\/04\/container-image-diet-2026-distroless-wolfi-chainguard-dach-devops\/\" style=\"color:#202528;text-decoration:underline;\"><strong class=\"mag-cm\">cloudmagazin:<\/strong> Container-Image Diet 2026 \u2013 Distroless, Wolfi, Chainguard for DACH DevOps<\/a><\/li>\n<li style=\"margin-bottom:12px;\"><a href=\"https:\/\/www.securitytoday.de\/2026\/05\/04\/rsa-conference-2026-wrap-up-dach-ciso-hausaufgaben-pqc-detection-vendor-konsolidierung\/\" style=\"color:#202528;text-decoration:underline;\"><strong class=\"mag-st\">SecurityToday:<\/strong> RSA Conference 2026 Wrap-up \u2013 DACH CISO To-Dos<\/a><\/li>\n<li style=\"margin-bottom:12px;\"><a href=\"https:\/\/www.digital-chiefs.de\/cio-ki-governance-kompromiss-logicalis-report-2026\/\" style=\"color:#202528;text-decoration:underline;\"><strong class=\"mag-dc\">Digital Chiefs:<\/strong> CIOs Under Pressure \u2013 62 Percent Lagging on AI Governance<\/a><\/li>\n<\/ul>\n<p style=\"text-align:right;font-style:italic;color:#888;font-size:0.85em;margin-top:32px;\">Source of cover image: Pexels \/ Pixabay<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A critical vulnerability in the most widely used .NET component allows attackers privilege escalation without login.<\/p>\n","protected":false},"author":205,"featured_media":99057,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_yoast_wpseo_focuskw":"Microsoft Stack Mid","_yoast_wpseo_title":"Open Door in the Mid-Market Bank'","_yoast_wpseo_metadesc":"Critical .NET vulnerability hits SMEs! Can't patch","_yoast_wpseo_meta-robots-noindex":"","_yoast_wpseo_meta-robots-nofollow":"","_yoast_wpseo_meta-robots-adv":"","_yoast_wpseo_canonical":"","_yoast_wpseo_opengraph-title":"","_yoast_wpseo_opengraph-description":"","_yoast_wpseo_opengraph-image":"","_yoast_wpseo_opengraph-image-id":0,"_yoast_wpseo_twitter-title":"","_yoast_wpseo_twitter-description":"","_yoast_wpseo_twitter-image":"","_yoast_wpseo_twitter-image-id":0,"featured_post_sortierung":0,"featured_post":0,"pre_headline":"","bildquelle":"","teasertext":"","language":"de","footnotes":""},"categories":[1280],"tags":[],"class_list":["post-99260","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it-tech","entry"],"wpml_language":"en","wpml_translation_of":99058,"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Open Door in the Mid-Market Bank&#039;<\/title>\n<meta name=\"description\" content=\"Critical .NET vulnerability hits SMEs! Can&#039;t patch\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/mybusinessfuture.com\/en\/cve-2026-40372-in-asp-net-core-was-dach-mittelstaendler-an\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Open Door in the Mid-Market Bank&#039;\" \/>\n<meta property=\"og:description\" content=\"Critical .NET vulnerability hits SMEs! Can&#039;t patch\" \/>\n<meta property=\"og:url\" content=\"https:\/\/mybusinessfuture.com\/en\/cve-2026-40372-in-asp-net-core-was-dach-mittelstaendler-an\/\" \/>\n<meta property=\"og:site_name\" content=\"MyBusinessFuture\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/MyBusinessFuture\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-07T19:27:54+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-05-11T07:50:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/mybusinessfuture.com\/wp-content\/uploads\/2026\/05\/mbf-cve-2026-40372-aspnet-core.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2520\" \/>\n\t<meta property=\"og:image:height\" content=\"882\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Tobias Massow\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@mbusinessfuture\" \/>\n<meta name=\"twitter:site\" content=\"@mbusinessfuture\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tobias Massow\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"NewsArticle\",\"@id\":\"https:\/\/mybusinessfuture.com\/en\/cve-2026-40372-in-asp-net-core-was-dach-mittelstaendler-an\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/mybusinessfuture.com\/en\/cve-2026-40372-in-asp-net-core-was-dach-mittelstaendler-an\/\"},\"author\":{\"name\":\"Tobias Massow\",\"@id\":\"https:\/\/mybusinessfuture.com\/#\/schema\/person\/5a5f67d388de091844cc887ac56f3760\"},\"headline\":\"Open Door in the Mid-Market Bank&#8217;\",\"datePublished\":\"2026-05-07T19:27:54+00:00\",\"dateModified\":\"2026-05-11T07:50:41+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/mybusinessfuture.com\/en\/cve-2026-40372-in-asp-net-core-was-dach-mittelstaendler-an\/\"},\"wordCount\":974,\"publisher\":{\"@id\":\"https:\/\/mybusinessfuture.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/mybusinessfuture.com\/en\/cve-2026-40372-in-asp-net-core-was-dach-mittelstaendler-an\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/mybusinessfuture.com\/wp-content\/uploads\/2026\/05\/mbf-cve-2026-40372-aspnet-core.jpg\",\"articleSection\":[\"IT &amp; Tech\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/mybusinessfuture.com\/en\/cve-2026-40372-in-asp-net-core-was-dach-mittelstaendler-an\/\",\"url\":\"https:\/\/mybusinessfuture.com\/en\/cve-2026-40372-in-asp-net-core-was-dach-mittelstaendler-an\/\",\"name\":\"Open Door in the Mid-Market Bank'\",\"isPartOf\":{\"@id\":\"https:\/\/mybusinessfuture.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/mybusinessfuture.com\/en\/cve-2026-40372-in-asp-net-core-was-dach-mittelstaendler-an\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/mybusinessfuture.com\/en\/cve-2026-40372-in-asp-net-core-was-dach-mittelstaendler-an\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/mybusinessfuture.com\/wp-content\/uploads\/2026\/05\/mbf-cve-2026-40372-aspnet-core.jpg\",\"datePublished\":\"2026-05-07T19:27:54+00:00\",\"dateModified\":\"2026-05-11T07:50:41+00:00\",\"description\":\"Critical .NET vulnerability hits SMEs! Can't patch\",\"breadcrumb\":{\"@id\":\"https:\/\/mybusinessfuture.com\/en\/cve-2026-40372-in-asp-net-core-was-dach-mittelstaendler-an\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/mybusinessfuture.com\/en\/cve-2026-40372-in-asp-net-core-was-dach-mittelstaendler-an\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/mybusinessfuture.com\/en\/cve-2026-40372-in-asp-net-core-was-dach-mittelstaendler-an\/#primaryimage\",\"url\":\"https:\/\/mybusinessfuture.com\/wp-content\/uploads\/2026\/05\/mbf-cve-2026-40372-aspnet-core.jpg\",\"contentUrl\":\"https:\/\/mybusinessfuture.com\/wp-content\/uploads\/2026\/05\/mbf-cve-2026-40372-aspnet-core.jpg\",\"width\":2520,\"height\":882},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/mybusinessfuture.com\/en\/cve-2026-40372-in-asp-net-core-was-dach-mittelstaendler-an\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Startseite\",\"item\":\"https:\/\/mybusinessfuture.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Open Door in the Mid-Market Bank&#8216;\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/mybusinessfuture.com\/#website\",\"url\":\"https:\/\/mybusinessfuture.com\/\",\"name\":\"MyBusinessFuture\",\"description\":\"B2B-Magazin f\u00fcr Digitalisierung, KI und Business-Innovation \u2014 Fachartikel f\u00fcr IT-Entscheider im DACH-Raum\",\"publisher\":{\"@id\":\"https:\/\/mybusinessfuture.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/mybusinessfuture.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/mybusinessfuture.com\/#organization\",\"name\":\"MyBusinessFuture\",\"url\":\"https:\/\/mybusinessfuture.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/mybusinessfuture.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/mybusinessfuture.com\/wp-content\/uploads\/2020\/10\/MBF-logo-schwarz.png\",\"contentUrl\":\"https:\/\/mybusinessfuture.com\/wp-content\/uploads\/2020\/10\/MBF-logo-schwarz.png\",\"width\":398,\"height\":241,\"caption\":\"MyBusinessFuture\"},\"image\":{\"@id\":\"https:\/\/mybusinessfuture.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/MyBusinessFuture\",\"https:\/\/x.com\/mbusinessfuture\",\"https:\/\/www.linkedin.com\/showcase\/mybusinessfuture\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/mybusinessfuture.com\/#\/schema\/person\/5a5f67d388de091844cc887ac56f3760\",\"name\":\"Tobias Massow\",\"description\":\"Tobias Massow ist Gesch\u00e4ftsf\u00fchrer der Evernine Media GmbH und Herausgeber von MyBusinessFuture. Er verantwortet die strategische Ausrichtung des Magazins und des gesamten MBF Media Netzwerks mit vier B2B-Fachmagazinen f\u00fcr IT-Entscheider im deutschsprachigen Raum.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/tobias-massow\/\"],\"url\":\"https:\/\/mybusinessfuture.com\/en\/experte\/tobias-evm\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Open Door in the Mid-Market Bank'","description":"Critical .NET vulnerability hits SMEs! Can't patch","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/mybusinessfuture.com\/en\/cve-2026-40372-in-asp-net-core-was-dach-mittelstaendler-an\/","og_locale":"en_US","og_type":"article","og_title":"Open Door in the Mid-Market Bank'","og_description":"Critical .NET vulnerability hits SMEs! Can't patch","og_url":"https:\/\/mybusinessfuture.com\/en\/cve-2026-40372-in-asp-net-core-was-dach-mittelstaendler-an\/","og_site_name":"MyBusinessFuture","article_publisher":"https:\/\/www.facebook.com\/MyBusinessFuture","article_published_time":"2026-05-07T19:27:54+00:00","article_modified_time":"2026-05-11T07:50:41+00:00","og_image":[{"width":2520,"height":882,"url":"https:\/\/mybusinessfuture.com\/wp-content\/uploads\/2026\/05\/mbf-cve-2026-40372-aspnet-core.jpg","type":"image\/jpeg"}],"author":"Tobias Massow","twitter_card":"summary_large_image","twitter_creator":"@mbusinessfuture","twitter_site":"@mbusinessfuture","twitter_misc":{"Written by":"Tobias Massow","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/mybusinessfuture.com\/en\/cve-2026-40372-in-asp-net-core-was-dach-mittelstaendler-an\/#article","isPartOf":{"@id":"https:\/\/mybusinessfuture.com\/en\/cve-2026-40372-in-asp-net-core-was-dach-mittelstaendler-an\/"},"author":{"name":"Tobias Massow","@id":"https:\/\/mybusinessfuture.com\/#\/schema\/person\/5a5f67d388de091844cc887ac56f3760"},"headline":"Open Door in the Mid-Market Bank&#8217;","datePublished":"2026-05-07T19:27:54+00:00","dateModified":"2026-05-11T07:50:41+00:00","mainEntityOfPage":{"@id":"https:\/\/mybusinessfuture.com\/en\/cve-2026-40372-in-asp-net-core-was-dach-mittelstaendler-an\/"},"wordCount":974,"publisher":{"@id":"https:\/\/mybusinessfuture.com\/#organization"},"image":{"@id":"https:\/\/mybusinessfuture.com\/en\/cve-2026-40372-in-asp-net-core-was-dach-mittelstaendler-an\/#primaryimage"},"thumbnailUrl":"https:\/\/mybusinessfuture.com\/wp-content\/uploads\/2026\/05\/mbf-cve-2026-40372-aspnet-core.jpg","articleSection":["IT &amp; Tech"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/mybusinessfuture.com\/en\/cve-2026-40372-in-asp-net-core-was-dach-mittelstaendler-an\/","url":"https:\/\/mybusinessfuture.com\/en\/cve-2026-40372-in-asp-net-core-was-dach-mittelstaendler-an\/","name":"Open Door in the Mid-Market Bank'","isPartOf":{"@id":"https:\/\/mybusinessfuture.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/mybusinessfuture.com\/en\/cve-2026-40372-in-asp-net-core-was-dach-mittelstaendler-an\/#primaryimage"},"image":{"@id":"https:\/\/mybusinessfuture.com\/en\/cve-2026-40372-in-asp-net-core-was-dach-mittelstaendler-an\/#primaryimage"},"thumbnailUrl":"https:\/\/mybusinessfuture.com\/wp-content\/uploads\/2026\/05\/mbf-cve-2026-40372-aspnet-core.jpg","datePublished":"2026-05-07T19:27:54+00:00","dateModified":"2026-05-11T07:50:41+00:00","description":"Critical .NET vulnerability hits SMEs! Can't patch","breadcrumb":{"@id":"https:\/\/mybusinessfuture.com\/en\/cve-2026-40372-in-asp-net-core-was-dach-mittelstaendler-an\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/mybusinessfuture.com\/en\/cve-2026-40372-in-asp-net-core-was-dach-mittelstaendler-an\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/mybusinessfuture.com\/en\/cve-2026-40372-in-asp-net-core-was-dach-mittelstaendler-an\/#primaryimage","url":"https:\/\/mybusinessfuture.com\/wp-content\/uploads\/2026\/05\/mbf-cve-2026-40372-aspnet-core.jpg","contentUrl":"https:\/\/mybusinessfuture.com\/wp-content\/uploads\/2026\/05\/mbf-cve-2026-40372-aspnet-core.jpg","width":2520,"height":882},{"@type":"BreadcrumbList","@id":"https:\/\/mybusinessfuture.com\/en\/cve-2026-40372-in-asp-net-core-was-dach-mittelstaendler-an\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/mybusinessfuture.com\/"},{"@type":"ListItem","position":2,"name":"Open Door in the Mid-Market Bank&#8216;"}]},{"@type":"WebSite","@id":"https:\/\/mybusinessfuture.com\/#website","url":"https:\/\/mybusinessfuture.com\/","name":"MyBusinessFuture","description":"B2B-Magazin f\u00fcr Digitalisierung, KI und Business-Innovation \u2014 Fachartikel f\u00fcr IT-Entscheider im DACH-Raum","publisher":{"@id":"https:\/\/mybusinessfuture.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/mybusinessfuture.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/mybusinessfuture.com\/#organization","name":"MyBusinessFuture","url":"https:\/\/mybusinessfuture.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/mybusinessfuture.com\/#\/schema\/logo\/image\/","url":"https:\/\/mybusinessfuture.com\/wp-content\/uploads\/2020\/10\/MBF-logo-schwarz.png","contentUrl":"https:\/\/mybusinessfuture.com\/wp-content\/uploads\/2020\/10\/MBF-logo-schwarz.png","width":398,"height":241,"caption":"MyBusinessFuture"},"image":{"@id":"https:\/\/mybusinessfuture.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/MyBusinessFuture","https:\/\/x.com\/mbusinessfuture","https:\/\/www.linkedin.com\/showcase\/mybusinessfuture\/"]},{"@type":"Person","@id":"https:\/\/mybusinessfuture.com\/#\/schema\/person\/5a5f67d388de091844cc887ac56f3760","name":"Tobias Massow","description":"Tobias Massow ist Gesch\u00e4ftsf\u00fchrer der Evernine Media GmbH und Herausgeber von MyBusinessFuture. Er verantwortet die strategische Ausrichtung des Magazins und des gesamten MBF Media Netzwerks mit vier B2B-Fachmagazinen f\u00fcr IT-Entscheider im deutschsprachigen Raum.","sameAs":["https:\/\/www.linkedin.com\/in\/tobias-massow\/"],"url":"https:\/\/mybusinessfuture.com\/en\/experte\/tobias-evm\/"}]}},"_links":{"self":[{"href":"https:\/\/mybusinessfuture.com\/en\/wp-json\/wp\/v2\/posts\/99260","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mybusinessfuture.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybusinessfuture.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybusinessfuture.com\/en\/wp-json\/wp\/v2\/users\/205"}],"replies":[{"embeddable":true,"href":"https:\/\/mybusinessfuture.com\/en\/wp-json\/wp\/v2\/comments?post=99260"}],"version-history":[{"count":2,"href":"https:\/\/mybusinessfuture.com\/en\/wp-json\/wp\/v2\/posts\/99260\/revisions"}],"predecessor-version":[{"id":99634,"href":"https:\/\/mybusinessfuture.com\/en\/wp-json\/wp\/v2\/posts\/99260\/revisions\/99634"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybusinessfuture.com\/en\/wp-json\/wp\/v2\/media\/99057"}],"wp:attachment":[{"href":"https:\/\/mybusinessfuture.com\/en\/wp-json\/wp\/v2\/media?parent=99260"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybusinessfuture.com\/en\/wp-json\/wp\/v2\/categories?post=99260"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybusinessfuture.com\/en\/wp-json\/wp\/v2\/tags?post=99260"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}