CVE-2026-47303
Received
Received - Intake
BaseFortify
Vulnerability report for CVE-2026-47303, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-14
Last updated on: 2026-07-14
Assigner: Microsoft Corporation
Description
Description
Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | asp.net_core | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-90 | The product constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component. |
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
| CWE-302 | The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker. |