MC1294316 – An updated version of the April 2026 Scan Cab is available

Product:

SharePoint, Windows

Platform:

Online, World tenant

Status:

Change type:

Admin impact

Links:

Details:

IMPORTANT: This notice is only relevant for environments where:
Visual Studio 2026 with .NET version 10.0.6 is used
Scan Cab is used to check for update compliance
The April 2026 Scan Cab was deployed before 10:30 AM PT on April 28, 2026

An updated version of the April 2026 Scan Cab was made available at 10:30 AM PT on April 28, 2026. This Scan Cab includes new metadata corresponding to updates for Visual Studio 2026.

The Microsoft update for Visual Studio 2026 released on April 28, 2026, includes additional protections to address CVE-2026-40372: ASP.NET Core Elevation of Privilege Vulnerability. See the Additional information section of this message for details.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:

Created:
2026-04-29

updated:
2026-04-29

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

summary for non-techies**

XXXXXXX ... free basic plan only

Direct effects for Operations**

Increased Security Vulnerability
Using the outdated Scan Cab may leave systems exposed to the ASP.NET Core Elevation of Privilege Vulnerability (CVE-2026-40372), potentially allowing unauthorized access.
   - roles: IT Administrator, Security Officer
   - references: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40372, https://devblogs.microsoft.com/dotnet/dotnet-10-0-7-oob-security-update/

Update Compliance Issues
Failure to deploy the updated Scan Cab may result in inaccurate assessment of update compliance, leading to potential operational disruptions.
   - roles: IT Administrator, Compliance Officer
   - references: https://learn.microsoft.com/windows-server/administration/windows-server-update-services/manage/wsus-and-the-catalog-site, https://learn.microsoft.com/visualstudio/releases/2026/release-notes " target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/visualstudio/releases/2026/release-notes

User Experience Degradation
Users may experience application failures or degraded performance if the necessary updates are not applied due to the outdated Scan Cab.
   - roles: End User, Support Technician
   - references: https://learn.microsoft.com/windows/win32/wua_sdk/using-wua-to-scan-for-updates-offline?tabs=vbscript, https://techcommunity.microsoft.com/t5/windows-it-pro-blog/announcing-a-smaller-wsus-scan-cab/ba-p/2928256?msclkid=256145ccd0c011ec9266b53af8d0aca1

Increased IT Support Load
Outdated Scan Cab may lead to increased support tickets and troubleshooting efforts as users encounter issues related to unpatched vulnerabilities.
   - roles: Support Technician, IT Manager
   - references: https://learn.microsoft.com/windows-server/administration/windows-server-update-services/manage/wsus-and-the-catalog-site, https://techcommunity.microsoft.com/t5/windows-it-pro-blog/announcing-a-smaller-wsus-scan-cab/ba-p/2928256?msclkid=256145ccd0c011ec9266b53af8d0aca1

Operational Downtime
If the updated Scan Cab is not deployed, critical updates may not be applied, leading to potential system outages or downtime.
   - roles: IT Administrator, Operations Manager
   - references: https://learn.microsoft.com/visualstudio/releases/2026/release-notes, https://devblogs.microsoft.com/dotnet/dotnet-10-0-7-oob-security-update/

Configutation Options**

XXXXXXX ... paid membership only

Opportunities**

XXXXXXX ... free basic plan only

Potentional Risks**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

explanation for non-techies**

XXXXXXX ... free basic plan only