Microsoft Visual Studio 2022 Version 17 14

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-32203 HIGH PATCH Exploit Unlikely This Week

Denial of service via stack buffer overflow in .NET (versions 8.0, 9.0, 10.0) and Visual Studio 2022 (versions 17.12, 17.14) allows unauthenticated remote attackers to crash affected applications over the network. The vulnerability has a CVSS score of 7.5 (High) with low attack complexity and no privileges required. Vendor-released patches are available from Microsoft (MSRC). No public exploit identified at time of analysis, and the issue is not confirmed actively exploited.

Stack Overflow Buffer Overflow Net 10 0 Net 8 0 Net 9 0 +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-32178 NuGet HIGH PATCH GHSA This Week

Information disclosure in Microsoft .NET 8.0, 9.0, 10.0, and Visual Studio 2022 allows unauthenticated remote attackers to access sensitive data through improper neutralization of special elements. This spoofing vulnerability (CWE-138) enables attackers to bypass authentication mechanisms and extract high-confidentiality information over the network with low attack complexity. No active exploitation confirmed (not in CISA KEV), but the network-accessible, no-authentication-required attack profile presents immediate risk for internet-facing .NET applications. Vendor patches available for all affected versions.

Authentication Bypass Net 10 0 Net 8 0 Net 9 0 Microsoft Visual Studio 2022 Version 17 12 +1
NVD VulDB HeroDevs
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-32203
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Denial of service via stack buffer overflow in .NET (versions 8.0, 9.0, 10.0) and Visual Studio 2022 (versions 17.12, 17.14) allows unauthenticated remote attackers to crash affected applications over the network. The vulnerability has a CVSS score of 7.5 (High) with low attack complexity and no privileges required. Vendor-released patches are available from Microsoft (MSRC). No public exploit identified at time of analysis, and the issue is not confirmed actively exploited.

Stack Overflow Buffer Overflow Net 10 0 +4
NVD VulDB
CVE-2026-32178 NuGet
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Information disclosure in Microsoft .NET 8.0, 9.0, 10.0, and Visual Studio 2022 allows unauthenticated remote attackers to access sensitive data through improper neutralization of special elements. This spoofing vulnerability (CWE-138) enables attackers to bypass authentication mechanisms and extract high-confidentiality information over the network with low attack complexity. No active exploitation confirmed (not in CISA KEV), but the network-accessible, no-authentication-required attack profile presents immediate risk for internet-facing .NET applications. Vendor patches available for all affected versions.

Authentication Bypass Net 10 0 Net 8 0 +3
NVD VulDB HeroDevs

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy