Visual Studio 2026 Microsoft Visual Studio 2026

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Visual Studio 2026.

By the Year

In 2026 there have been 23 vulnerabilities in Microsoft Visual Studio 2026 with an average score of 7.7 out of ten.

Year Vulnerabilities Average Score
2026 23 7.66

It may take a day or so for new Visual Studio 2026 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Visual Studio 2026 Security Vulnerabilities

Jul 2026: .NET Spoofing Vulnerability
CVE-2026-50659 6.5 - Medium - July 14, 2026

Improper encoding or escaping of output in .NET allows an authorized attacker to perform spoofing over a network.

Output Sanitization

Jul 2026: .NET Denial of Service Vulnerability
CVE-2026-50651 7.5 - High - July 14, 2026

Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.

Allocation of Resources Without Limits or Throttling

Jul 2026: .NET Framework Elevation of Privilege Vulnerability
CVE-2026-50650 7.8 - High - July 14, 2026

Improper control of generation of code ('code injection') in .NET Framework allows an unauthorized attacker to elevate privileges locally.

Code Injection

Jul 2026: .NET Remote Code Execution Vulnerability
CVE-2026-50649 7.8 - High - July 14, 2026

Deserialization of untrusted data in .NET allows an unauthorized attacker to execute code locally.

Marshaling, Unmarshaling

Jul 2026: .NET Framework Denial of Service Vulnerability
CVE-2026-50648 7.5 - High - July 14, 2026

Allocation of resources without limits or throttling in .NET Framework allows an unauthorized attacker to deny service over a network.

Allocation of Resources Without Limits or Throttling

Jul 2026: .NET Framework Remote Code Execution Vulnerability
CVE-2026-50646 7.8 - High - July 14, 2026

Protection mechanism failure in .NET Framework allows an unauthorized attacker to execute code locally.

Protection Mechanism Failure

Jul 2026: .NET Framework Denial of Service Vulnerability
CVE-2026-50527 7.5 - High - July 14, 2026

Stack-based buffer overflow in .NET Framework allows an unauthorized attacker to deny service over a network.

Stack Overflow

Jul 2026: .NET Security Feature Bypass Vulnerability
CVE-2026-50528 8.2 - High - July 14, 2026

Incorrect authorization in .NET allows an unauthorized attacker to bypass a security feature over a network.

AuthZ

Jul 2026: .NET Tampering Vulnerability
CVE-2026-50526 7 - High - July 14, 2026

Improper link resolution before file access ('link following') in .NET allows an authorized attacker to perform tampering locally.

insecure temporary file

Jul 2026: .NET Denial of Service Vulnerability
CVE-2026-50525 7.5 - High - July 14, 2026

Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.

Allocation of Resources Without Limits or Throttling

Jul 2026: .NET Framework Denial of Service Vulnerability
CVE-2026-50524 7.5 - High - July 14, 2026

Improper validation of specified type of input in .NET Framework allows an unauthorized attacker to deny service over a network.

Improper Validation of Specified Type of Input

Jul 2026: .NET Security Feature Bypass Vulnerability
CVE-2026-47304 8.1 - High - July 14, 2026

Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network.

Improper Verification of Cryptographic Signature

Jul 2026: Visual Studio Remote Code Execution Vulnerability
CVE-2026-47305 7.8 - High - July 14, 2026

Protection mechanism failure in Visual Studio allows an unauthorized attacker to execute code locally.

Protection Mechanism Failure

Jul 2026: .NET Denial of Service Vulnerability
CVE-2026-47302 7.5 - High - July 14, 2026

Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.

Allocation of Resources Without Limits or Throttling

Jul 2026: ASP.NET Core Elevation of Privilege Vulnerability
CVE-2026-47303 8.8 - High - July 14, 2026

Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network.

Authentication Bypass by Assumed-Immutable Data

Jul 2026: ASP.NET Core Elevation of Privilege Vulnerability
CVE-2026-47300 8.8 - High - July 14, 2026

Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network.

Incorrect Implementation of Authentication Algorithm

Jun 2026: ASP.NET Core Denial of Service Vulnerability
CVE-2026-45591 7.5 - High - June 09, 2026

Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network.

Resource Exhaustion

May 2026: .NET Core Tampering Vulnerability
CVE-2026-32175 4.3 - Medium - May 12, 2026

A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system. The security update fixes the vulnerability by ensuring .NET Core properly handles files.

Absolute Path Traversal

May 2026: .NET Elevation of Privilege Vulnerability
CVE-2026-32177 7.3 - High - May 12, 2026

Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.

Heap-based Buffer Overflow

Apr 2026: ASP.NET Core Elevation of Privilege Vulnerability
CVE-2026-40372 9.1 - Critical - April 21, 2026

Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.

Improper Verification of Cryptographic Signature

Apr 2026: .NET and Visual Studio Denial of Service Vulnerability
CVE-2026-32203 7.5 - High - April 14, 2026

Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.

Stack Overflow

Feb 2026: GitHub Copilot and Visual Studio Remote Code Execution Vulnerability
CVE-2026-21256 8.8 - High - February 10, 2026

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.

Command Injection

Feb 2026: GitHub Copilot and Visual Studio Elevation of Privilege Vulnerability
CVE-2026-21257 8 - High - February 10, 2026

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network.

Command Injection

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Visual Studio 2026 or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

subscribe