Jul 2026: Visual Studio Remote Code Execution Vulnerability
CVE-2026-47305 Published on July 14, 2026
Visual Studio Remote Code Execution Vulnerability
Protection mechanism failure in Visual Studio allows an unauthorized attacker to execute code locally.
Weakness Type
Protection Mechanism Failure
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. This weakness covers three distinct situations. A "missing" protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An "insufficient" protection mechanism might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended. Finally, an "ignored" mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path.
Products Associated with CVE-2026-47305
stack.watch emails you whenever new vulnerabilities are published in Microsoft Visual Studio 2026 or Microsoft Visual Studio 2022. Just hit a watch button to start following.
Affected Versions
Microsoft Visual Studio 2022 version 17.12:- Version 17.12.0 and below 17.12.22 is affected.
- Version 17.14.0 and below 17.14.36 is affected.
- Version 18.0 and below 18.7.4 is affected.