Jul 2026: Visual Studio Remote Code Execution Vulnerability
CVE-2026-47305 Published on July 14, 2026

Visual Studio Remote Code Execution Vulnerability
Protection mechanism failure in Visual Studio allows an unauthorized attacker to execute code locally.

Vendor Advisory NVD

Weakness Type

Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. This weakness covers three distinct situations. A "missing" protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An "insufficient" protection mechanism might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended. Finally, an "ignored" mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path.


Products Associated with CVE-2026-47305

stack.watch emails you whenever new vulnerabilities are published in Microsoft Visual Studio 2026 or Microsoft Visual Studio 2022. Just hit a watch button to start following.

 
 

Affected Versions

Microsoft Visual Studio 2022 version 17.12: Microsoft Visual Studio 2022 version 17.14: Microsoft Visual Studio 2026 version 18.7: