Microsoft Visual Studio 2022 Version 17.14 vulnerabilities

10 known vulnerabilities affecting microsoft/microsoft_visual_studio_2022_version_17.14.

Total CVEs: 10
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 7, MEDIUM 2

Vulnerabilities

CVE-2026-21256 | HIGH | CVSS 8.8 | ≥ 17.14.0, < 17.14.26 | 2026-02-10
CWE-77: Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.
Sources: cvelistv5, nvd
CVE-2026-21257 | HIGH | CVSS 8.0 | ≥ 17.14.0, < 17.14.26 | 2026-02-10
CWE-77: Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network.
Sources: cvelistv5, nvd
CVE-2025-62214 | MEDIUM | CVSS 6.7 | ≥ 17.14.0, < 17.14.17 | 2025-11-11
CWE-77: Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code locally.
Sources: cvelistv5, nvd
CVE-2025-55315 | CRITICAL | CVSS 9.9 | PoC | ≥ 17.14.0, < 17.14.17 | 2025-10-14
CWE-444: Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
Sources: cvelistv5, nvd
CVE-2025-55240 | HIGH | CVSS 7.3 | ≥ 17.14.0, < 17.14.17 | 2025-10-14
CWE-284: Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
Sources: cvelistv5, nvd
CVE-2025-55248 | MEDIUM | CVSS 4.8 | ≥ 17.14.0, < 17.14.17 | 2025-10-14
CWE-326: Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
Sources: cvelistv5, nvd
CVE-2025-53773 | HIGH | CVSS 7.8 | ≥ 17.14.0, < 17.14.12 | 2025-08-12
CWE-77: Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally.
Sources: cvelistv5, nvd
CVE-2025-49739 | HIGH | CVSS 8.8 | ≥ 17.14.0, < 17.14.8 | 2025-07-08
CWE-59: Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.
Sources: cvelistv5, nvd
CVE-2025-30399 | HIGH | CVSS 7.5 | ≥ 17.14.0, < 17.14.5 | 2025-06-13
CWE-426: Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
Sources: cvelistv5, nvd
CVE-2025-47959 | HIGH | CVSS 7.1 | ≥ 17.14.0, < 17.14.5 | 2025-06-13
CWE-77: Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.
Sources: cvelistv5, nvd