Visual Studio 2026 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (6 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-32177	1 Microsoft	6 .net, .net Framework, Visual Studio 2017 and 3 more	2026-05-13	7.3 High
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
CVE-2026-32175	1 Microsoft	6 .net, Microsoft Visual Studio 2022, Visual Studio 2017 and 3 more	2026-05-13	4.3 Medium
A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system. The security update fixes the vulnerability by ensuring .NET Core properly handles files.
CVE-2026-32203	3 Apple, Linux, Microsoft	7 Macos, Linux Kernel, .net and 4 more	2026-05-06	7.5 High
Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.
CVE-2026-40372	1 Microsoft	2 Asp.net Core, Visual Studio 2026	2026-04-28	9.1 Critical
Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-21257	1 Microsoft	2 Visual Studio 2022, Visual Studio 2026	2026-04-15	8 High
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network.
CVE-2026-21256	1 Microsoft	2 Visual Studio 2022, Visual Studio 2026	2026-04-15	8.8 High
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.

Page 1 of 1.