Microsoft has released a patch for a critical ASP.NET Core vulnerability in the Kestrel web server, which could allow security bypass through request smuggling. The flaw, rated at 9.9 CVSS, may enable attackers to perform actions like impersonation or injection if applications handle requests improperly. #ASPNetCore #KestrelWebServer
Keypoints
- The vulnerability affects all supported ASP.NET Core versions, including early releases like 2.3.
Read More: https://www.theregister.com/2025/10/16/microsoft_aspnet_core_vulnerability/