Known Vulnerabilities for Visual Studio by Microsoft
Listed below are 10 of the newest known vulnerabilities associated with "Visual Studio" by "Microsoft".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-41613 json | Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. | Not Provided | 2026-05-12 | 2026-05-12 |
| CVE-2026-41612 json | Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally. | Not Provided | 2026-05-12 | 2026-05-12 |
| CVE-2026-41611 json | Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized at... | Not Provided | 2026-05-12 | 2026-05-12 |
| CVE-2026-41610 json | Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthor... | Not Provided | 2026-05-12 | 2026-05-12 |
| CVE-2026-41109 json | Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visu... | Not Provided | 2026-05-12 | 2026-05-12 |
| CVE-2026-33116 json | Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker... | Not Provided | 2026-04-14 | 2026-04-30 |
| CVE-2026-32732 json | Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unic... | Not Provided | 2026-03-16 | 2026-03-16 |
| CVE-2026-32203 json | Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network. | Not Provided | 2026-04-14 | 2026-04-30 |
| CVE-2026-23653 json | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code ... | Not Provided | 2026-04-14 | 2026-04-30 |
| CVE-2025-65717 json | An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files via user interaction with a... | Not Provided | 2026-02-16 | 2026-05-05 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Microsoft | Visual Studio | 97 | |||
| Application | Microsoft | Visual Studio | 6.0 | |||
| Application | Microsoft | Visual Studio | 6.0 | |||
| Application | Microsoft | Visual Studio | 6.0 | |||
| Application | Microsoft | Visual Studio | 6.0 | |||
| Application | Microsoft | Visual Studio | 6.0 | |||
| Application | Microsoft | Visual Studio | 6.0 | |||
| Application | Microsoft | Visual Studio | 6.0 | |||
| Application | Microsoft | Visual Studio | 6.0 | |||
| Application | Microsoft | Visual Studio | 6.0 | |||
| Application | Microsoft | Visual Studio | 2015 | |||
| Application | Microsoft | Visual Studio | 2015 | |||
| Application | Microsoft | Visual Studio | 2013 | |||
| Application | Microsoft | Visual Studio | 2013 | |||
| Application | Microsoft | Visual Studio | 2012 | |||
| Application | Microsoft | Visual Studio | 2012 | |||
| Application | Microsoft | Visual Studio | 2010 | |||
| Application | Microsoft | Visual Studio | 2010 | |||
| Application | Microsoft | Visual Studio | 2010 | |||
| Application | Microsoft | Visual Studio | 2008 |