CVE-2026-47300 is an ASP.NET Core elevation of privilege vulnerability caused by an incorrect implementation of an authentication algorithm. Microsoft rates it HIGH severity with a CVSS v3.1 base score of 8.8 and temporal score of 7.7. The attack vector is NETWORK, attack complexity is LOW, privileges required are LOW, and user interaction is NONE. If successfully exploited, an attacker could gain administrator or SYSTEM privileges. Microsoft says it is not publicly disclosed and not exploited, with exploit code maturity UNPROVEN. Customer action is required, so this is not marked as already mitigated. Highlights: - CVSS scores: Base 8.8 - Temporal 7.7 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN - Impact: Elevation of Privilege; confidentiality, integrity, and availability impacts are all HIGH - Exploitation likelihood: Exploitation Less Likely; the vector is NETWORK with LOW attack complexity, LOW privileges required, and NO user interaction - Severity for enterprise: High priority for exposed ASP.NET Core deployments because the issue is network-reachable and does not require user interaction, but Microsoft does not report active exploitation - Patch status: available Affected systems: - No products listed in the source data