Microsoft Microsoft Visual Studio 2026 Version 18.7

16 CVEs affecting Microsoft Microsoft Visual Studio 2026 Version 18.7. Latest disclosed: 2026-07-14. Critical: 0, High: 15.

Top CVEs affecting Microsoft Microsoft Visual Studio 2026 Version 18.7
CVESeverityScorePublishedSummary
CVE-2026-47303High8.82026-07-14Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network.
CVE-2026-47300High8.82026-07-14Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network.
CVE-2026-50528High8.22026-07-14Incorrect authorization in .NET allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-47304High8.12026-07-14Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-50650High7.82026-07-14Improper control of generation of code ('code injection') in .NET Framework allows an unauthorized attacker to elevate privileges locally.
CVE-2026-50649High7.82026-07-14Deserialization of untrusted data in .NET allows an unauthorized attacker to execute code locally.
CVE-2026-50646High7.82026-07-14Protection mechanism failure in .NET Framework allows an unauthorized attacker to execute code locally.
CVE-2026-47305High7.82026-07-14Protection mechanism failure in Visual Studio allows an unauthorized attacker to execute code locally.
CVE-2026-50651High7.52026-07-14Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.
CVE-2026-50648High7.52026-07-14Allocation of resources without limits or throttling in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-50527High7.52026-07-14Stack-based buffer overflow in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-50525High7.52026-07-14Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.
CVE-2026-50524High7.52026-07-14Improper validation of specified type of input in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-47302High7.52026-07-14Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.
CVE-2026-50526High7.02026-07-14Improper link resolution before file access ('link following') in .NET allows an authorized attacker to perform tampering locally.
CVE-2026-50659Medium6.52026-07-14Improper encoding or escaping of output in .NET allows an authorized attacker to perform spoofing over a network.