Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Local IDE flaw requiring the victim to open crafted content (AV:L, UI:R) with no prior privileges (PR:N), yielding full local code execution and high C/I/A in an unchanged scope.
Primary rating from Vendor (microsoft).
CVSS VectorVendor: microsoft
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Protection mechanism failure in Visual Studio allows an unauthorized attacker to execute code locally.
AnalysisAI
Local code execution in Microsoft Visual Studio (2022 versions 17.12 and 17.14, and 2026 version 18.7) stems from a protection mechanism failure that lets an unauthorized attacker run arbitrary code once a victim is convinced to open or interact with a malicious project, file, or solution. Microsoft has published a fix, but there is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires local access and mandatory user interaction (CVSS UI:R): the victim must open or load attacker-supplied content - a crafted project, solution, or file - in an affected Visual Studio build (2022 17.12, 2022 17.14, or 2026 18.7). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, 7.8 High) signals that exploitation is local and requires user interaction (UI:R) - typically opening a crafted project or file - but needs no prior privileges (PR:N) and has low attack complexity, yielding full C/I/A impact within an unchanged scope. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a malicious Visual Studio project or solution and delivers it to a developer via a phishing email, a pull request, a shared repository, or a downloaded code sample. When the developer opens the project in an affected Visual Studio build, the failed protection mechanism is bypassed and attacker-controlled code executes locally in the developer's context. … |
| Remediation | Patch available per vendor advisory: apply the servicing update for your channel from the MSRC guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47305, which covers Visual Studio 2022 17.12, 2022 17.14, and 2026 18.7 - install the update through the Visual Studio Installer or your managed update process and confirm the build number matches the advisory's fixed version. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, inventory all instances of affected Visual Studio versions (2022 versions 17.12 and 17.14, 2026 version 18.7) and communicate risk to development teams with guidance to avoid opening untrusted projects pending remediation. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Local privilege escalation in Microsoft .NET Framework (versions 3.5 through 10.0) and Visual Studio 2017 occurs through
Privilege elevation in ASP.NET Core (bundled with .NET 8.0, 9.0, and 10.0) lets an already-authenticated, low-privileged
Privilege elevation in ASP.NET Core (bundled with .NET 8.0, 9.0, and 10.0) lets an already-authenticated, low-privileged
A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully
Security feature bypass in Microsoft .NET (versions 8.0, 9.0, and 10.0) lets a remote, unauthenticated attacker circumve
Security feature bypass in Microsoft .NET (shipped via Visual Studio 2022 17.12/17.14 and Visual Studio 2026 18.7) lets
Local code execution in Microsoft .NET (Framework 3.5 through 4.8.1, .NET 8.0/9.0, and Visual Studio 2022/2026) arises f
Local code execution in Microsoft .NET 8.0 and 9.0 (and bundled Visual Studio 2022/2026 toolchains) arises from unsafe d
Local privilege elevation in Microsoft .NET Framework (and .NET 8.0/9.0 plus Visual Studio 2022/2026) via code injection
Denial of service in Microsoft .NET (versions 8.0, 9.0, and 10.0) and the legacy .NET Framework (3.5 through 4.8.1) allo
Remote denial of service in Microsoft .NET (versions 8.0, 9.0, and 10.0) allows an unauthenticated network attacker to c
Network denial of service in Microsoft .NET 8.0, 9.0, and 10.0 (and the corresponding Visual Studio 2022/2026 tooling) a
Same weakness CWE-693 – Protection Mechanism Failure
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44356
GHSA-5q8c-4c69-36xr