Microsoft Visual Studio 2022 vulnerabilities

CVE-2026-21257 [HIGH] CWE-77 CVE-2026-21257: Improper neutralization of special elements used in a command ('command injection') in GitHub Copilo Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network.

CVE-2026-21256 [HIGH] CWE-77 CVE-2026-21256: Improper neutralization of special elements used in a command ('command injection') in GitHub Copilo Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.

CVE-2025-62214 [MEDIUM] CWE-77 CVE-2025-62214: Improper neutralization of special elements used in a command ('command injection') in Visual Studio Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code locally.

CVE-2025-55315 [CRITICAL] CWE-444 CVE-2025-55315: Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core all Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

CVE-2025-55240 [HIGH] CWE-284 CVE-2025-55240: Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.

CVE-2025-55248 [MEDIUM] CWE-326 CVE-2025-55248: Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.

CVE-2025-53773 [HIGH] CWE-77 CVE-2025-53773: Improper neutralization of special elements used in a command ('command injection') in GitHub Copilo Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally.

CVE-2025-49739 [HIGH] CWE-59 CVE-2025-49739: Improper link resolution before file access ('link following') in Visual Studio allows an unauthoriz Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.

CVE-2025-30399 [HIGH] CWE-426 CVE-2025-30399: Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.

CVE-2025-47959 [HIGH] CWE-77 CVE-2025-47959: Improper neutralization of special elements used in a command ('command injection') in Visual Studio Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.

CVE-2025-32702 [HIGH] CWE-77 CVE-2025-32702: Improper neutralization of special elements used in a command ('command injection') in Visual Studio Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally.

CVE-2025-26646 [HIGH] CWE-73 CVE-2025-26646: External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allo External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.

CVE-2025-32703 [MEDIUM] CWE-200 CVE-2025-32703: Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclos Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally.

CVE-2025-29804 [HIGH] CWE-284 CVE-2025-29804: Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.

CVE-2025-26682 [HIGH] CWE-770 CVE-2025-26682: Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.

CVE-2025-29802 [HIGH] CWE-427 CVE-2025-29802: Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.

CVE-2025-24998 [HIGH] CWE-427 CVE-2025-24998: Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privilege Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.

CVE-2025-24070 [HIGH] CWE-1390 CVE-2025-24070: Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate p Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.

CVE-2025-25003 [HIGH] CWE-427 CVE-2025-25003: Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privilege Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.

CVE-2025-21206 [HIGH] CWE-427 CVE-2025-21206: Visual Studio Installer Elevation of Privilege Vulnerability Visual Studio Installer Elevation of Privilege Vulnerability