Microsoft Microsoft Visual Studio 2026 Version 18.7
16 CVEs affecting Microsoft Microsoft Visual Studio 2026 Version 18.7. Latest disclosed: 2026-07-14. Critical: 0, High: 15.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-47303 | High | 8.8 | 2026-07-14 | Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network. |
CVE-2026-47300 | High | 8.8 | 2026-07-14 | Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network. |
CVE-2026-50528 | High | 8.2 | 2026-07-14 | Incorrect authorization in .NET allows an unauthorized attacker to bypass a security feature over a network. |
CVE-2026-47304 | High | 8.1 | 2026-07-14 | Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network. |
CVE-2026-50650 | High | 7.8 | 2026-07-14 | Improper control of generation of code ('code injection') in .NET Framework allows an unauthorized attacker to elevate privileges locally. |
CVE-2026-50649 | High | 7.8 | 2026-07-14 | Deserialization of untrusted data in .NET allows an unauthorized attacker to execute code locally. |
CVE-2026-50646 | High | 7.8 | 2026-07-14 | Protection mechanism failure in .NET Framework allows an unauthorized attacker to execute code locally. |
CVE-2026-47305 | High | 7.8 | 2026-07-14 | Protection mechanism failure in Visual Studio allows an unauthorized attacker to execute code locally. |
CVE-2026-50651 | High | 7.5 | 2026-07-14 | Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network. |
CVE-2026-50648 | High | 7.5 | 2026-07-14 | Allocation of resources without limits or throttling in .NET Framework allows an unauthorized attacker to deny service over a network. |
CVE-2026-50527 | High | 7.5 | 2026-07-14 | Stack-based buffer overflow in .NET Framework allows an unauthorized attacker to deny service over a network. |
CVE-2026-50525 | High | 7.5 | 2026-07-14 | Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network. |
CVE-2026-50524 | High | 7.5 | 2026-07-14 | Improper validation of specified type of input in .NET Framework allows an unauthorized attacker to deny service over a network. |
CVE-2026-47302 | High | 7.5 | 2026-07-14 | Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network. |
CVE-2026-50526 | High | 7.0 | 2026-07-14 | Improper link resolution before file access ('link following') in .NET allows an authorized attacker to perform tampering locally. |
CVE-2026-50659 | Medium | 6.5 | 2026-07-14 | Improper encoding or escaping of output in .NET allows an authorized attacker to perform spoofing over a network. |