Ubuntu Security Notices USN-8215-1 USN-8215-1: .NET vulnerability Publication date 28 April 2026 Overview .NET could be made to crash or run programs as an administrator. Releases 25.10 24.04 LTS Open side navigation Close side navigation Packages Details Update instructions References Packages dotnet10 - .NET CLI tools and runtime Details It was discovered that the Microsoft.AspNetCore.DataProtection library in .NET did not properly verify cryptographic signatures under certain conditions. A remote attacker could possibly use this issue to elevate privileges. It was discovered that the Microsoft.AspNetCore.DataProtection library in .NET did not properly verify cryptographic signatures under certain conditions. A remote attacker could possibly use this issue to elevate privileges. Update instructions After a standard system update, it is recommended to rotate the DataProtection key ring. Learn more about how to get the fixes. The problem can be corrected by updating your system to the following package versions: Ubuntu Release Package Version 25.10 questing aspnetcore-runtime-10.0 – 10.0.7-0ubuntu1~25.10.1 dotnet-host-10.0 – 10.0.7-0ubuntu1~25.10.1 dotnet-hostfxr-10.0 – 10.0.7-0ubuntu1~25.10.1 dotnet-runtime-10.0 – 10.0.7-0ubuntu1~25.10.1 dotnet-sdk-10.0 – 10.0.107-0ubuntu1~25.10.1 dotnet-sdk-aot-10.0 – 10.0.107-0ubuntu1~25.10.1 dotnet10 – 10.0.107-10.0.7-0ubuntu1~25.10.1 24.04 LTS noble aspnetcore-runtime-10.0 – 10.0.7-0ubuntu1~24.04.1 dotnet-host-10.0 – 10.0.7-0ubuntu1~24.04.1 dotnet-hostfxr-10.0 – 10.0.7-0ubuntu1~24.04.1 dotnet-runtime-10.0 – 10.0.7-0ubuntu1~24.04.1 dotnet-sdk-10.0 – 10.0.107-0ubuntu1~24.04.1 dotnet-sdk-aot-10.0 – 10.0.107-0ubuntu1~24.04.1 dotnet10 – 10.0.107-10.0.7-0ubuntu1~24.04.1 Reduce your security exposure Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines. Get Ubuntu Pro References CVE-2026-40372 CVE-2026-40372