diff --git a/src/OrchardCore/OrchardCore.Mvc.Core/Extensions/OrchardCoreBuilderExtensions.cs b/src/OrchardCore/OrchardCore.Mvc.Core/Extensions/OrchardCoreBuilderExtensions.cs
index aec445b493c..2040961c67b 100644
--- a/src/OrchardCore/OrchardCore.Mvc.Core/Extensions/OrchardCoreBuilderExtensions.cs
+++ b/src/OrchardCore/OrchardCore.Mvc.Core/Extensions/OrchardCoreBuilderExtensions.cs
@@ -15,6 +15,13 @@ public static OrchardCoreBuilder AddMvc(this OrchardCoreBuilder builder)
             {
                 // Allows a tenant to add its own route endpoint schemes for link generation.
                 collection.AddSingleton<IEndpointAddressScheme<RouteValuesAddress>, ShellRouteValuesAddressScheme>();
+
+                collection.Configure<RouteOptions>(options =>
+                {
+                    // The Cors module is designed to handle CORS, thus we skip checking for unhandled security metadata by default.
+                    // Additionally, skipping security metadata checks on the endpoint provides a minor performance benefit.
+                    options.SuppressCheckForUnhandledSecurityMetadata = true;
+                });
             },
             // Need to be registered last.
             order: int.MaxValue - 100);