Microsoft Visual Studio Developer IDE
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Visual Studio.
Recent Microsoft Visual Studio Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2026-21256 | CVE-2026-21256 GitHub Copilot and Visual Studio Remote Code Execution Vulnerability | February 10, 2026 |
| CVE-2026-21257 | CVE-2026-21257 GitHub Copilot and Visual Studio Elevation of Privilege Vulnerability | February 10, 2026 |
| CVE-2026-21523 | CVE-2026-21523 GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability | February 10, 2026 |
| CVE-2026-21518 | CVE-2026-21518 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability | February 10, 2026 |
| CVE-2025-64660 | CVE-2025-64660 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability | November 21, 2025 |
| CVE-2025-62453 | CVE-2025-62453 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability | November 11, 2025 |
| CVE-2025-62449 | CVE-2025-62449 Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability | November 11, 2025 |
| CVE-2025-62222 | CVE-2025-62222 Agentic AI and Visual Studio Code Remote Code Execution Vulnerability | November 11, 2025 |
| CVE-2025-62214 | CVE-2025-62214 Visual Studio Remote Code Execution Vulnerability | November 11, 2025 |
| CVE-2025-55248 | CVE-2025-55248 .NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability | October 14, 2025 |
EOL Dates
Ensure that you are using a supported version of Microsoft Visual Studio. Here are some end of life, and end of support dates for Microsoft Visual Studio.
| Release | EOL Date | Status |
|---|---|---|
| 18.3 | - |
Active
|
| 18.2 | February 10, 2026 |
EOL
Microsoft Visual Studio 18.2 became EOL in 2026. |
| 18.1 | January 13, 2026 |
EOL
Microsoft Visual Studio 18.1 became EOL in 2026. |
| 18.0 | December 9, 2025 |
EOL
Microsoft Visual Studio 18.0 became EOL in 2025. |
| 17.14 | January 13, 2032 |
Active
Microsoft Visual Studio 17.14 will become EOL in 6 years (in 2032). |
| 17.13 | May 13, 2025 |
EOL
Microsoft Visual Studio 17.13 became EOL in 2025. |
| 17.12 | July 14, 2026 |
EOL This Year
Microsoft Visual Studio 17.12 will become EOL this year, in July 2026. |
| 17.11 | November 12, 2024 |
EOL
Microsoft Visual Studio 17.11 became EOL in 2024. |
| 17.9 | May 21, 2024 |
EOL
Microsoft Visual Studio 17.9 became EOL in 2024. |
| 17.8 | July 8, 2025 |
EOL
Microsoft Visual Studio 17.8 became EOL in 2025. |
| 17.7 | November 14, 2023 |
EOL
Microsoft Visual Studio 17.7 became EOL in 2023. |
| 17.6 | January 14, 2025 |
EOL
Microsoft Visual Studio 17.6 became EOL in 2025. |
| 17.5 | May 16, 2023 |
EOL
Microsoft Visual Studio 17.5 became EOL in 2023. |
| 17.4 | July 9, 2024 |
EOL
Microsoft Visual Studio 17.4 became EOL in 2024. |
| 17.3 | November 8, 2022 |
EOL
Microsoft Visual Studio 17.3 became EOL in 2022. |
| 17.2 | January 9, 2024 |
EOL
Microsoft Visual Studio 17.2 became EOL in 2024. |
| 17.1 | May 10, 2022 |
EOL
Microsoft Visual Studio 17.1 became EOL in 2022. |
| 17.1 | May 10, 2022 |
EOL
Microsoft Visual Studio 17.1 became EOL in 2022. |
| 17.0 | July 11, 2023 |
EOL
Microsoft Visual Studio 17.0 became EOL in 2023. |
| 16.11 | April 10, 2029 |
Active
Microsoft Visual Studio 16.11 will become EOL in 3 years (in 2029). |
By the Year
In 2026 there have been 0 vulnerabilities in Microsoft Visual Studio. Last year, in 2025 Visual Studio had 12 security vulnerabilities published. Right now, Visual Studio is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 12 | 7.44 |
| 2024 | 13 | 6.90 |
| 2023 | 23 | 7.08 |
| 2022 | 5 | 8.60 |
| 2021 | 6 | 7.42 |
| 2020 | 10 | 7.22 |
| 2019 | 5 | 6.65 |
| 2018 | 5 | 6.05 |
It may take a day or so for new Visual Studio vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Visual Studio Security Vulnerabilities
Jul 2025: Visual Studio Elevation of Privilege Vulnerability
CVE-2025-49739
8.8 - High
- July 08, 2025
Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.
insecure temporary file
Jun 2025: Visual Studio Remote Code Execution Vulnerability
CVE-2025-47959
7.1 - High
- June 13, 2025
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.
Command Injection
May 2025: Visual Studio Remote Code Execution Vulnerability
CVE-2025-32702
7.8 - High
- May 13, 2025
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally.
Command Injection
May 2025: Visual Studio Information Disclosure Vulnerability
CVE-2025-32703
5.5 - Medium
- May 13, 2025
Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally.
Insufficient Granularity of Access Control
Apr 2025: Visual Studio Elevation of Privilege Vulnerability
CVE-2025-29804
7.3 - High
- April 08, 2025
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
Authorization
Apr 2025: Visual Studio Elevation of Privilege Vulnerability
CVE-2025-29802
7.3 - High
- April 08, 2025
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
DLL preloading
Mar 2025: Visual Studio Elevation of Privilege Vulnerability
CVE-2025-25003
7.3 - High
- March 11, 2025
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
DLL preloading
Mar 2025: Visual Studio Elevation of Privilege Vulnerability
CVE-2025-24998
7.3 - High
- March 11, 2025
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
DLL preloading
Feb 2025: Visual Studio Installer Elevation of Privilege Vulnerability
CVE-2025-21206
7.3 - High
- February 11, 2025
Visual Studio Installer Elevation of Privilege Vulnerability
DLL preloading
CVE-2024-12703: Deserialization RCE via malicious project file in Visual Studio
CVE-2024-12703
- January 17, 2025
CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when a non-admin authenticated user opens a malicious project file.
Marshaling, Unmarshaling
Jan 2025: Visual Studio Elevation of Privilege Vulnerability
CVE-2025-21405
7.3 - High
- January 14, 2025
Visual Studio Elevation of Privilege Vulnerability
Authorization
Jan 2025: Visual Studio Remote Code Execution Vulnerability
CVE-2025-21178
8.8 - High
- January 14, 2025
Visual Studio Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Visual Studio Elevation of Privilege Vulnerability
CVE-2024-49044
6.7 - Medium
- November 12, 2024
Visual Studio Elevation of Privilege Vulnerability
Authorization
Visual Studio Collector Service DoS Vulnerability
CVE-2024-43603
5.5 - Medium
- October 08, 2024
Visual Studio Collector Service Denial of Service Vulnerability
insecure temporary file
Microsoft Visual Studio/ .NET DoS Vulnerability (CVE-2024-43485)
CVE-2024-43485
7.5 - High
- October 08, 2024
.NET and Visual Studio Denial of Service Vulnerability
Inefficient Algorithmic Complexity
Jul 2024: .NET and Visual Studio Denial of Service Vulnerability
CVE-2024-38095
7.5 - High
- July 09, 2024
.NET and Visual Studio Denial of Service Vulnerability
Improper Input Validation
Jul 2024: .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-35264
8.1 - High
- July 09, 2024
.NET and Visual Studio Remote Code Execution Vulnerability
Dangling pointer
Jul 2024: .NET and Visual Studio Denial of Service Vulnerability
CVE-2024-30105
7.5 - High
- July 09, 2024
.NET and Visual Studio Denial of Service Vulnerability
Resource Exhaustion
Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-35272
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Jul 2024: .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
CVE-2024-38081
7.3 - High
- July 09, 2024
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
insecure temporary file
Jun 2024: Visual Studio Remote Code Execution Vulnerability
CVE-2024-30052
4.7 - Medium
- June 11, 2024
Visual Studio Remote Code Execution Vulnerability
Protection Mechanism Failure
Jun 2024: Visual Studio Elevation of Privilege Vulnerability
CVE-2024-29060
6.7 - Medium
- June 11, 2024
Visual Studio Elevation of Privilege Vulnerability
Authorization
Visual Studio DoS via malformed input
CVE-2024-30046
- May 14, 2024
Visual Studio Denial of Service Vulnerability
Race Condition
MS VS UNC Path Injection via Malicious Project Captures NTLMv2 Hashes
CVE-2023-29446
4.7 - Medium
- January 10, 2024
An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline.
Improper Input Validation
Visual Studio Elevation of Privilege (CVE-2024-20656)
CVE-2024-20656
7.8 - High
- January 09, 2024
Visual Studio Elevation of Privilege Vulnerability
Nov 2023: ASP.NET Core Security Feature Bypass Vulnerability
CVE-2023-36558
6.2 - Medium
- November 14, 2023
ASP.NET Core Security Feature Bypass Vulnerability
Nov 2023: .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
CVE-2023-36049
7.6 - High
- November 14, 2023
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
Improper Input Validation
Nov 2023: Visual Studio Denial of Service Vulnerability
CVE-2023-36042
6.2 - Medium
- November 14, 2023
Visual Studio Denial of Service Vulnerability
Heap-based Buffer Overflow
Sep 2023: Visual Studio Elevation of Privilege Vulnerability
CVE-2023-36758
7.8 - High
- September 12, 2023
Visual Studio Elevation of Privilege Vulnerability
insecure temporary file
Sep 2023: Visual Studio Elevation of Privilege Vulnerability
CVE-2023-36759
6.7 - Medium
- September 12, 2023
Visual Studio Elevation of Privilege Vulnerability
Untrusted Pointer Dereference
Sep 2023: Visual Studio Remote Code Execution Vulnerability
CVE-2023-36792
7.8 - High
- September 12, 2023
Visual Studio Remote Code Execution Vulnerability
Integer Overflow or Wraparound
Sep 2023: Visual Studio Remote Code Execution Vulnerability
CVE-2023-36793
7.8 - High
- September 12, 2023
Visual Studio Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Sep 2023: Visual Studio Remote Code Execution Vulnerability
CVE-2023-36794
7.8 - High
- September 12, 2023
Visual Studio Remote Code Execution Vulnerability
Integer underflow
Sep 2023: Visual Studio Remote Code Execution Vulnerability
CVE-2023-36796
7.8 - High
- September 12, 2023
Visual Studio Remote Code Execution Vulnerability
Integer underflow
Sep 2023: .NET Core and Visual Studio Denial of Service Vulnerability
CVE-2023-36799
6.5 - Medium
- September 12, 2023
.NET Core and Visual Studio Denial of Service Vulnerability
Resource Exhaustion
Aug 2023: .NET and Visual Studio Denial of Service Vulnerability
CVE-2023-38180
7.5 - High
- August 08, 2023
.NET and Visual Studio Denial of Service Vulnerability
Resource Exhaustion
.NET Framework & VS Remote Code Execution Vulnerability
CVE-2023-24897
7.8 - High
- June 14, 2023
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
EOP in .NET/VS (CVE-2023-32032)
CVE-2023-32032
6.5 - Medium
- June 14, 2023
.NET and Visual Studio Elevation of Privilege Vulnerability
Visual Studio Info Disclosure Vulnerability
CVE-2023-33139
5.5 - Medium
- June 14, 2023
Visual Studio Information Disclosure Vulnerability
Visual Studio Spoofing Vulnerability
CVE-2023-28299
5.5 - Medium
- April 11, 2023
Visual Studio Spoofing Vulnerability
MS Visual Studio RCE Vulnerability CVE-2023-28296
CVE-2023-28296
7.8 - High
- April 11, 2023
Visual Studio Remote Code Execution Vulnerability
MS VS Info Disclosure CVE-2023-28263
CVE-2023-28263
5.5 - Medium
- April 11, 2023
Visual Studio Information Disclosure Vulnerability
Microsoft Visual Studio EoP Vulnerability CVE-2023-28262
CVE-2023-28262
7.8 - High
- April 11, 2023
Visual Studio Elevation of Privilege Vulnerability
Visual Studio RCE via Remote Code Execution Vulnerability
CVE-2023-23381
7.8 - High
- February 14, 2023
Visual Studio Remote Code Execution Vulnerability
VisStudio EoP Vulnerability
CVE-2023-21566
7.8 - High
- February 14, 2023
Visual Studio Elevation of Privilege Vulnerability
Visual Studio DOS from malicious code parsing
CVE-2023-21567
5.6 - Medium
- February 14, 2023
Visual Studio Denial of Service Vulnerability
CVE-2023-21808: RCE in .NET/Visual Studio
CVE-2023-21808
7.8 - High
- February 14, 2023
.NET and Visual Studio Remote Code Execution Vulnerability
Microsoft Visual Studio RCE Vulnerability CVE-2023-21815
CVE-2023-21815
7.8 - High
- February 14, 2023
Visual Studio Remote Code Execution Vulnerability
Microsoft Visual Studio RCE via Unsafe Deserialization
CVE-2022-41119
7.8 - High
- November 09, 2022
Visual Studio Remote Code Execution Vulnerability
Microsoft Visual Studio Remote Code Execution Vulnerability
CVE-2022-35777
8.8 - High
- August 09, 2022
Visual Studio Remote Code Execution Vulnerability
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Visual Studio or by Microsoft? Click the Watch button to subscribe.
