Microsoft Visual Studio 2022
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Visual Studio 2022.
By the Year
In 2026 there have been 2 vulnerabilities in Microsoft Visual Studio 2022 with an average score of 8.4 out of ten. Last year, in 2025 Visual Studio 2022 had 24 security vulnerabilities published. Right now, Visual Studio 2022 is on track to have less security vulnerabilities in 2026 than it did last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.93.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 8.40 |
| 2025 | 24 | 7.48 |
| 2024 | 38 | 7.77 |
| 2023 | 37 | 7.27 |
| 2022 | 16 | 7.70 |
| 2021 | 1 | 8.80 |
| 2020 | 1 | 5.30 |
It may take a day or so for new Visual Studio 2022 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Visual Studio 2022 Security Vulnerabilities
Feb 2026: GitHub Copilot and Visual Studio Elevation of Privilege Vulnerability
CVE-2026-21257
8 - High
- February 10, 2026
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network.
Command Injection
Feb 2026: GitHub Copilot and Visual Studio Remote Code Execution Vulnerability
CVE-2026-21256
8.8 - High
- February 10, 2026
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.
Command Injection
Nov 2025: Visual Studio Remote Code Execution Vulnerability
CVE-2025-62214
6.7 - Medium
- November 11, 2025
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code locally.
Command Injection
Oct 2025: .NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability
CVE-2025-55248
4.8 - Medium
- October 14, 2025
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
Inadequate Encryption Strength
Oct 2025: Visual Studio Elevation of Privilege Vulnerability
CVE-2025-55240
7.3 - High
- October 14, 2025
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
Authorization
Oct 2025: ASP.NET Security Feature Bypass Vulnerability
CVE-2025-55315
9.9 - Critical
- October 14, 2025
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
HTTP Request Smuggling
Aug 2025: GitHub Copilot and Visual Studio Remote Code Execution Vulnerability
CVE-2025-53773
7.8 - High
- August 12, 2025
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally.
Command Injection
Jul 2025: Visual Studio Elevation of Privilege Vulnerability
CVE-2025-49739
8.8 - High
- July 08, 2025
Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.
insecure temporary file
Jun 2025: .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2025-30399
7.5 - High
- June 13, 2025
Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
Untrusted Path
Jun 2025: Visual Studio Remote Code Execution Vulnerability
CVE-2025-47959
7.1 - High
- June 13, 2025
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.
Command Injection
May 2025: .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability
CVE-2025-26646
8 - High
- May 13, 2025
External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.
External Control of File Name or Path
May 2025: Visual Studio Remote Code Execution Vulnerability
CVE-2025-32702
7.8 - High
- May 13, 2025
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally.
Command Injection
May 2025: Visual Studio Information Disclosure Vulnerability
CVE-2025-32703
5.5 - Medium
- May 13, 2025
Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally.
Insufficient Granularity of Access Control
Apr 2025: Visual Studio Elevation of Privilege Vulnerability
CVE-2025-29802
7.3 - High
- April 08, 2025
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
DLL preloading
Apr 2025: Visual Studio Elevation of Privilege Vulnerability
CVE-2025-29804
7.3 - High
- April 08, 2025
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
Authorization
Apr 2025: ASP.NET Core and Visual Studio Denial of Service Vulnerability
CVE-2025-26682
7.5 - High
- April 08, 2025
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
Allocation of Resources Without Limits or Throttling
Mar 2025: ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability
CVE-2025-24070
7 - High
- March 11, 2025
Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.
1390
Mar 2025: Visual Studio Elevation of Privilege Vulnerability
CVE-2025-24998
7.3 - High
- March 11, 2025
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
DLL preloading
Mar 2025: Visual Studio Elevation of Privilege Vulnerability
CVE-2025-25003
7.3 - High
- March 11, 2025
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
DLL preloading
Feb 2025: Visual Studio Installer Elevation of Privilege Vulnerability
CVE-2025-21206
7.3 - High
- February 11, 2025
Visual Studio Installer Elevation of Privilege Vulnerability
DLL preloading
Jan 2025: Visual Studio Elevation of Privilege Vulnerability
CVE-2025-21405
7.3 - High
- January 14, 2025
Visual Studio Elevation of Privilege Vulnerability
Authorization
Jan 2025: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21176
8.8 - High
- January 14, 2025
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
Buffer Over-read
Jan 2025: .NET Remote Code Execution Vulnerability
CVE-2025-21171
7.5 - High
- January 14, 2025
.NET Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Jan 2025: .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21172
7.5 - High
- January 14, 2025
.NET and Visual Studio Remote Code Execution Vulnerability
Integer Overflow or Wraparound
Jan 2025: .NET Elevation of Privilege Vulnerability
CVE-2025-21173
7.3 - High
- January 14, 2025
.NET Elevation of Privilege Vulnerability
Creation of Temporary File in Directory with Insecure Permissions
Jan 2025: Visual Studio Remote Code Execution Vulnerability
CVE-2025-21178
8.8 - High
- January 14, 2025
Visual Studio Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Microsoft .NET/VS Remote Code Execution Vulnerability
CVE-2024-43498
9.8 - Critical
- November 12, 2024
.NET and Visual Studio Remote Code Execution Vulnerability
Object Type Confusion
DoS Vulnerability in .NET Runtime for Visual Studio
CVE-2024-43499
7.5 - High
- November 12, 2024
.NET and Visual Studio Denial of Service Vulnerability
Data Amplification
Visual Studio Elevation of Privilege Vulnerability
CVE-2024-49044
6.7 - Medium
- November 12, 2024
Visual Studio Elevation of Privilege Vulnerability
Authorization
.NET Framework & Visual Studio RCE via Remote Exploit
CVE-2024-38229
8.1 - High
- October 08, 2024
.NET and Visual Studio Remote Code Execution Vulnerability
Dangling pointer
Microsoft Visual C++ Redistributable Installer Elevation of Privilege
CVE-2024-43590
7.8 - High
- October 08, 2024
Visual C++ Redistributable Installer Elevation of Privilege Vulnerability
Authorization
Visual Studio Collector Service DoS Vulnerability
CVE-2024-43603
5.5 - Medium
- October 08, 2024
Visual Studio Collector Service Denial of Service Vulnerability
insecure temporary file
Microsoft .NET/VS Denial of Service from CVE-2024-43484
CVE-2024-43484
7.5 - High
- October 08, 2024
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
Inefficient Algorithmic Complexity
Microsoft .NET/VS Denial-of-Service Vulnerability
CVE-2024-43483
7.5 - High
- October 08, 2024
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
Inefficient Algorithmic Complexity
Microsoft Visual Studio/ .NET DoS Vulnerability (CVE-2024-43485)
CVE-2024-43485
7.5 - High
- October 08, 2024
.NET and Visual Studio Denial of Service Vulnerability
Inefficient Algorithmic Complexity
Denial of Service in Microsoft .NET Framework & Visual Studio
CVE-2024-38168
7.5 - High
- August 13, 2024
.NET and Visual Studio Denial of Service Vulnerability
Microsoft .NET & Visual Studio Info Disclosure CVE-2024-38167
CVE-2024-38167
6.5 - Medium
- August 13, 2024
.NET and Visual Studio Information Disclosure Vulnerability
Cleartext Transmission of Sensitive Information
Jul 2024: .NET and Visual Studio Denial of Service Vulnerability
CVE-2024-38095
7.5 - High
- July 09, 2024
.NET and Visual Studio Denial of Service Vulnerability
Improper Input Validation
Jul 2024: .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-35264
8.1 - High
- July 09, 2024
.NET and Visual Studio Remote Code Execution Vulnerability
Dangling pointer
Jul 2024: .NET and Visual Studio Denial of Service Vulnerability
CVE-2024-30105
7.5 - High
- July 09, 2024
.NET and Visual Studio Denial of Service Vulnerability
Resource Exhaustion
Jul 2024: .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
CVE-2024-38081
7.3 - High
- July 09, 2024
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
insecure temporary file
Jun 2024: Visual Studio Remote Code Execution Vulnerability
CVE-2024-30052
4.7 - Medium
- June 11, 2024
Visual Studio Remote Code Execution Vulnerability
Protection Mechanism Failure
Jun 2024: Visual Studio Elevation of Privilege Vulnerability
CVE-2024-29060
6.7 - Medium
- June 11, 2024
Visual Studio Elevation of Privilege Vulnerability
Authorization
Microsoft .NET & VS Remote Code Execution via RCE Vulnerability
CVE-2024-30045
6.3 - Medium
- May 14, 2024
.NET and Visual Studio Remote Code Execution Vulnerability
Visual Studio DoS via malformed input
CVE-2024-30046
- May 14, 2024
Visual Studio Denial of Service Vulnerability
Race Condition
Microsoft ODBC Driver for SQL Server RCE Vulnerability
CVE-2024-28932
- April 09, 2024
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Microsoft ODBC Driver for SQL Server RCE
CVE-2024-28933
8.8 - High
- April 09, 2024
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Microsoft ODBC Driver for SQL Server RCE via Buffer Overflow
CVE-2024-28935
8.8 - High
- April 09, 2024
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Microsoft ODBC Driver for SQL Server RCE
CVE-2024-28934
8.8 - High
- April 09, 2024
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Microsoft SQL Server ODBC Driver RCE Vulnerability
CVE-2024-28936
8.8 - High
- April 09, 2024
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Visual Studio 2022 or by Microsoft? Click the Watch button to subscribe.
