{"uuid": "10a00ba2-4c0c-4ca0-a040-59c4e8023039", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-40372", "type": "seen", "source": "https://bsky.app/profile/the-runtime.bsky.social/post/3mkpd5w3sxo2g", "content": "CVE-2026-40372 silently broke HMAC in ASP.NET Core Data Protection. The real problem? Patching isn't enough - forged cookies can mint legit tokens that survive key rotation.\n\nhttps://the-runtime.dev/articles/cve-2026-40372-aspnet-core-data-protection-emergency-patch/\n\n#dotnet #security #aspnetcore", "creation_timestamp": "2026-04-30T09:42:19.397297Z"}