Microsoft Visual Studio 2022 Version 17.14
14 CVEs affecting Microsoft Visual Studio 2022 Version 17.14. Latest disclosed: 2026-05-12. Critical: 1, High: 10.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-55315 | Critical | 9.9 | 2025-10-14 | Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature ove… |
| CVE-2026-21256 | High | 8.8 | 2026-02-10 | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to exec… |
| CVE-2025-49739 | High | 8.8 | 2025-07-08 | Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-21257 | High | 8.0 | 2026-02-10 | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevat… |
| CVE-2025-53773 | High | 7.8 | 2025-08-12 | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to exec… |
| CVE-2026-32203 | High | 7.5 | 2026-04-14 | Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network. |
| CVE-2026-32178 | High | 7.5 | 2026-04-14 | Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2025-30399 | High | 7.5 | 2025-06-13 | Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network. |
| CVE-2026-32177 | High | 7.3 | 2026-05-12 | Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. |
| CVE-2025-55240 | High | 7.3 | 2025-10-14 | Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. |
| CVE-2025-47959 | High | 7.1 | 2025-06-13 | Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a netwo… |
| CVE-2025-62214 | Medium | 6.7 | 2025-11-11 | Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code locally. |
| CVE-2025-55248 | Medium | 4.8 | 2025-10-14 | Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network. |
| CVE-2026-32175 | Medium | 4.3 | 2026-05-12 | A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could wri… |