Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-50650 (GCVE-0-2026-50650)
Vulnerability from cvelistv5 – Published: 2026-07-14 19:29 – Updated: 2026-07-14 19:40- CWE-94 - Improper Control of Generation of Code ('Code Injection')
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | .NET 8.0 |
Affected:
8.0.0 , < 8.0.29
(custom)
|
|
| Microsoft | .NET 9.0 |
Affected:
9.0.0 , < 9.0.18
(custom)
|
|
| Microsoft | Microsoft .NET Framework 3.5 |
Affected:
3.5.0 , < 2.0.50727.8983 & 3.0.30729.8978
(custom)
|
|
| Microsoft | Microsoft .NET Framework 3.5 AND 4.7.2 |
Affected:
4.7.0 , < 2.0.50727.9069 & 3.0.30729.9067 & 4.7.4143.0
(custom)
|
|
| Microsoft | Microsoft .NET Framework 3.5 AND 4.8 |
Affected:
4.8.0 , < 2.0.50727.9069 & 3.0.30729.9067 & 4.8.4803.0
(custom)
|
|
| Microsoft | Microsoft .NET Framework 3.5 AND 4.8.1 |
Affected:
4.8.1 , < 2.0.50727.9182 & 3.0.30729.9168 & 4.8.9339.0
(custom)
|
|
| Microsoft | Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 |
Affected:
4.7.0 , < 4.7.4143.0
(custom)
|
|
| Microsoft | Microsoft .NET Framework 4.8 |
Affected:
4.8.0 , < 4.8.4803.0
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.12 |
Affected:
17.12.0 , < 17.12.22
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.14 |
Affected:
17.14.0 , < 17.14.36
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2026 version 18.7 |
Affected:
18.0 , < 18.7.4
(custom)
|
{
"containers": {
"cna": {
"affected": [
{
"product": ".NET 8.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "8.0.29",
"status": "affected",
"version": "8.0.0",
"versionType": "custom"
}
]
},
{
"product": ".NET 9.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "9.0.18",
"status": "affected",
"version": "9.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2012",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.0.50727.8983 \u0026 3.0.30729.8978",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 Version 1607 for 32-bit Systems",
"Windows 10 Version 1607 for x64-based Systems",
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows Server 2016",
"Windows Server 2016 (Server Core installation)",
"Windows Server 2019",
"Windows Server 2019 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.7.4143.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows Server 2019",
"Windows Server 2019 (Server Core installation)",
"Windows Server 2022",
"Windows Server 2022 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.8.4803.0",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 11 Version 23H2 for ARM64-based Systems",
"Windows 11 Version 23H2 for x64-based Systems",
"Windows 11 Version 24H2 for ARM64-based Systems",
"Windows 11 Version 24H2 for x64-based Systems",
"Windows 11 Version 25H2 for ARM64-based Systems",
"Windows 11 Version 25H2 for x64-based Systems",
"Windows 11 Version 26H1 for ARM64-based Systems",
"Windows 11 version 26H1 for x64-based Systems",
"Windows Server 2022",
"Windows Server 2022 (Server Core installation)",
"Windows Server 2025",
"Windows Server 2025 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.8.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.0.50727.9182 \u0026 3.0.30729.9168 \u0026 4.8.9339.0",
"status": "affected",
"version": "4.8.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2012",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2012 R2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.4143.0",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 Version 1607 for 32-bit Systems",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2012",
"Windows Server 2012 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2012 R2 (Server Core installation)",
"Windows Server 2016",
"Windows Server 2016 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.4803.0",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.12.22",
"status": "affected",
"version": "17.12.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.14",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.14.36",
"status": "affected",
"version": "17.14.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2026 version 18.7",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.7.4",
"status": "affected",
"version": "18.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.0.29",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.18",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.7.4",
"versionStartIncluding": "18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.12.22",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.14.36",
"versionStartIncluding": "17.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.4803.0",
"versionStartIncluding": "4.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.8.4803.0",
"versionStartIncluding": "4.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.7.4143.0",
"versionStartIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.4143.0",
"versionStartIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.50727.9182 \u0026 3.0.30729.9168 \u0026 4.8.9339.0",
"versionStartIncluding": "4.8.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.50727.8983 \u0026 3.0.30729.8978",
"versionStartIncluding": "3.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-07-14T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper control of generation of code (\u0027code injection\u0027) in .NET Framework allows an unauthorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T19:40:13.271Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET Framework Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50650"
}
],
"title": ".NET Framework Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-50650",
"datePublished": "2026-07-14T19:29:58.620Z",
"dateReserved": "2026-06-05T14:33:50.830Z",
"dateUpdated": "2026-07-14T19:40:13.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-50650\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2026-07-14T20:17:38.230\",\"lastModified\":\"2026-07-14T20:35:32.720\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper control of generation of code (\u0027code injection\u0027) in .NET Framework allows an unauthorized attacker to elevate privileges locally.\"}],\"affected\":[{\"source\":\"secure@microsoft.com\",\"affectedData\":[{\"vendor\":\"Microsoft\",\"product\":\".NET 8.0\",\"versions\":[{\"version\":\"8.0.0\",\"lessThan\":\"8.0.29\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\".NET 9.0\",\"versions\":[{\"version\":\"9.0.0\",\"lessThan\":\"9.0.18\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Microsoft .NET Framework 3.5\",\"platforms\":[\"Windows Server 2012\",\"Windows Server 2012 (Server Core installation)\",\"Windows Server 2012 R2\",\"Windows Server 2012 R2 (Server Core installation)\"],\"versions\":[{\"version\":\"3.5.0\",\"lessThan\":\"2.0.50727.8983 \u0026 3.0.30729.8978\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Microsoft .NET Framework 3.5 AND 4.7.2\",\"platforms\":[\"Windows 10 Version 1607 for 32-bit Systems\",\"Windows 10 Version 1607 for x64-based Systems\",\"Windows 10 Version 1809 for 32-bit Systems\",\"Windows 10 Version 1809 for x64-based Systems\",\"Windows Server 2016\",\"Windows Server 2016 (Server Core installation)\",\"Windows Server 2019\",\"Windows Server 2019 (Server Core installation)\"],\"versions\":[{\"version\":\"4.7.0\",\"lessThan\":\"2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.7.4143.0\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Microsoft .NET Framework 3.5 AND 4.8\",\"platforms\":[\"Windows 10 Version 1809 for 32-bit Systems\",\"Windows 10 Version 1809 for x64-based Systems\",\"Windows 10 Version 21H2 for 32-bit Systems\",\"Windows 10 Version 21H2 for ARM64-based Systems\",\"Windows 10 Version 21H2 for x64-based Systems\",\"Windows 10 Version 22H2 for 32-bit Systems\",\"Windows 10 Version 22H2 for ARM64-based Systems\",\"Windows 10 Version 22H2 for x64-based Systems\",\"Windows Server 2019\",\"Windows Server 2019 (Server Core installation)\",\"Windows Server 2022\",\"Windows Server 2022 (Server Core installation)\"],\"versions\":[{\"version\":\"4.8.0\",\"lessThan\":\"2.0.50727.9069 \u0026 3.0.30729.9067 \u0026 4.8.4803.0\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Microsoft .NET Framework 3.5 AND 4.8.1\",\"platforms\":[\"Windows 10 Version 21H2 for 32-bit Systems\",\"Windows 10 Version 21H2 for ARM64-based Systems\",\"Windows 10 Version 21H2 for x64-based Systems\",\"Windows 10 Version 22H2 for 32-bit Systems\",\"Windows 10 Version 22H2 for ARM64-based Systems\",\"Windows 10 Version 22H2 for x64-based Systems\",\"Windows 11 Version 23H2 for ARM64-based Systems\",\"Windows 11 Version 23H2 for x64-based Systems\",\"Windows 11 Version 24H2 for ARM64-based Systems\",\"Windows 11 Version 24H2 for x64-based Systems\",\"Windows 11 Version 25H2 for ARM64-based Systems\",\"Windows 11 Version 25H2 for x64-based Systems\",\"Windows 11 Version 26H1 for ARM64-based Systems\",\"Windows 11 version 26H1 for x64-based Systems\",\"Windows Server 2022\",\"Windows Server 2022 (Server Core installation)\",\"Windows Server 2025\",\"Windows Server 2025 (Server Core installation)\"],\"versions\":[{\"version\":\"4.8.1\",\"lessThan\":\"2.0.50727.9182 \u0026 3.0.30729.9168 \u0026 4.8.9339.0\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2\",\"platforms\":[\"Windows Server 2012\",\"Windows Server 2012 (Server Core installation)\",\"Windows Server 2012 R2\",\"Windows Server 2012 R2 (Server Core installation)\"],\"versions\":[{\"version\":\"4.7.0\",\"lessThan\":\"4.7.4143.0\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Microsoft .NET Framework 4.8\",\"platforms\":[\"Windows 10 Version 1607 for 32-bit Systems\",\"Windows 10 Version 1607 for x64-based Systems\",\"Windows Server 2012\",\"Windows Server 2012 (Server Core installation)\",\"Windows Server 2012 R2\",\"Windows Server 2012 R2 (Server Core installation)\",\"Windows Server 2016\",\"Windows Server 2016 (Server Core installation)\"],\"versions\":[{\"version\":\"4.8.0\",\"lessThan\":\"4.8.4803.0\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Microsoft Visual Studio 2022 version 17.12\",\"versions\":[{\"version\":\"17.12.0\",\"lessThan\":\"17.12.22\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Microsoft Visual Studio 2022 version 17.14\",\"versions\":[{\"version\":\"17.14.0\",\"lessThan\":\"17.14.36\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Microsoft Visual Studio 2026 version 18.7\",\"versions\":[{\"version\":\"18.0\",\"lessThan\":\"18.7.4\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50650\",\"source\":\"secure@microsoft.com\"}]}}"
}
}
NCSC-2026-0235
Vulnerability from csaf_ncscnl - Published: 2026-07-14 18:37 - Updated: 2026-07-14 18:37An incorrect implementation of the authentication algorithm in ASP.NET Core allows an authorized attacker to remotely elevate privileges, posing a significant security risk.
CWE-303 - Incorrect Implementation of Authentication Algorithm| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / .NET
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Azure
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio 2022 version 17.14
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNet.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNetCore.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2017
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2022
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2026
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio Code
|
vers:unknown/* |
Unrestricted resource allocation in .NET can allow unauthorized attackers to exploit the system, resulting in a denial of service over a network.
CWE-770 - Allocation of Resources Without Limits or Throttling| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / .NET
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Azure
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio 2022 version 17.14
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNet.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNetCore.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2017
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2022
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2026
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio Code
|
vers:unknown/* |
An authentication bypass vulnerability in ASP.NET Core involving assumed-immutable data allows an authorized attacker to remotely elevate privileges.
CWE-302 - Authentication Bypass by Assumed-Immutable Data| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / .NET
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Azure
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio 2022 version 17.14
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNet.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNetCore.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2017
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2022
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2026
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio Code
|
vers:unknown/* |
An input validation flaw in the .NET Framework allows unauthorized attackers to trigger a denial of service condition remotely over a network.
CWE-1287 - Improper Validation of Specified Type of Input| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / .NET
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Azure
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio 2022 version 17.14
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNet.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNetCore.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2017
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2022
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2026
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio Code
|
vers:unknown/* |
An allocation of resources without limits or throttling in ASP.NET Core enables unauthorized attackers to perform denial of service attacks over a network.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / .NET
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Azure
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio 2022 version 17.14
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNet.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNetCore.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2017
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2022
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2026
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio Code
|
vers:unknown/* |
Improper verification of cryptographic signatures in the .NET framework allows unauthorized attackers to bypass security mechanisms over a network, potentially compromising application integrity and security.
CWE-347 - Improper Verification of Cryptographic Signature| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / .NET
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Azure
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio 2022 version 17.14
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNet.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNetCore.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2017
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2022
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2026
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio Code
|
vers:unknown/* |
Unrestricted resource allocation in .NET can allow unauthorized attackers to exploit the system, resulting in a denial of service over a network.
CWE-770 - Allocation of Resources Without Limits or Throttling| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / .NET
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Azure
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio 2022 version 17.14
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNet.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNetCore.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2017
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2022
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2026
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio Code
|
vers:unknown/* |
An improper link resolution vulnerability in the .NET framework permits an authorized local attacker to tamper with files, potentially compromising system integrity.
CWE-59 - Improper Link Resolution Before File Access ('Link Following')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / .NET
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Azure
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio 2022 version 17.14
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNet.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNetCore.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2017
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2022
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2026
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio Code
|
vers:unknown/* |
A stack-based buffer overflow vulnerability in the .NET Framework allows unauthorized attackers to cause a denial of service over a network, impacting system stability and availability.
CWE-121 - Stack-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / .NET
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Azure
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio 2022 version 17.14
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNet.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNetCore.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2017
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2022
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2026
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio Code
|
vers:unknown/* |
An incorrect authorization vulnerability in the .NET framework allows remote attackers to bypass security controls, potentially leading to unauthorized access.
CWE-302 - Authentication Bypass by Assumed-Immutable Data| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / .NET
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Azure
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio 2022 version 17.14
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNet.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNetCore.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2017
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2022
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2026
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio Code
|
vers:unknown/* |
An unthrottled resource allocation vulnerability in the .NET Framework allows an unauthorized attacker to cause a denial of service over a network by exhausting system resources.
CWE-770 - Allocation of Resources Without Limits or Throttling| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / .NET
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Azure
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio 2022 version 17.14
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNet.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNetCore.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2017
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2022
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2026
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio Code
|
vers:unknown/* |
Unrestricted resource allocation in .NET can allow unauthorized attackers to exploit the system, resulting in a denial of service over a network.
CWE-770 - Allocation of Resources Without Limits or Throttling| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / .NET
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Azure
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio 2022 version 17.14
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNet.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNetCore.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2017
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2022
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2026
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio Code
|
vers:unknown/* |
Improper encoding or escaping of output in .NET can allow an authorized attacker to perform network spoofing by manipulating network communications.
CWE-116 - Improper Encoding or Escaping of Output| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / .NET
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Azure
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio 2022 version 17.14
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNet.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNetCore.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2017
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2022
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2026
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio Code
|
vers:unknown/* |
A type confusion vulnerability in .NET Core allows unauthorized attackers to cause a denial of service by accessing resources using incompatible types over a network.
CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / .NET
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Azure
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio 2022 version 17.14
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNet.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNetCore.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2017
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2022
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2026
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio Code
|
vers:unknown/* |
A protection mechanism failure in the .NET Framework allows an attacker to execute unauthorized local code, posing a significant security risk.
CWE-502 - Deserialization of Untrusted Data| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / .NET
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Azure
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio 2022 version 17.14
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNet.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNetCore.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2017
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2022
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2026
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio Code
|
vers:unknown/* |
Deserialization of untrusted data in .NET environments can allow unauthorized attackers to execute arbitrary code locally, posing significant security risks.
CWE-502 - Deserialization of Untrusted Data| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / .NET
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Azure
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio 2022 version 17.14
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNet.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNetCore.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2017
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2022
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2026
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio Code
|
vers:unknown/* |
A vulnerability in the .NET Framework's code generation control allows unauthorized local privilege escalation by improper handling of code execution permissions.
CWE-94 - Improper Control of Generation of Code ('Code Injection')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / .NET
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Azure
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio 2022 version 17.14
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNet.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNetCore.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2017
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2022
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2026
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio Code
|
vers:unknown/* |
An allocation of resources without limits or throttling in ASP.NET Core enables unauthorized attackers to perform denial of service attacks over a network.
CWE-770 - Allocation of Resources Without Limits or Throttling| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / .NET
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Azure
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio 2022 version 17.14
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNet.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNetCore.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2017
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2022
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2026
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio Code
|
vers:unknown/* |
An allocation of resources without limits or throttling in ASP.NET Core enables unauthorized attackers to perform denial of service attacks over a network.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / .NET
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Azure
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio 2022 version 17.14
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNet.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNetCore.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2017
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2022
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2026
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio Code
|
vers:unknown/* |
Insufficiently protected credentials in GitHub Copilot and Visual Studio Code allow unauthorized attackers to disclose sensitive information over a network.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / .NET
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Azure
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio 2022 version 17.14
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNet.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNetCore.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2017
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2022
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2026
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio Code
|
vers:unknown/* |
A path traversal vulnerability in Visual Studio Code allows unauthorized local attackers to bypass security restrictions by improperly limiting pathnames to restricted directories.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / .NET
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Azure
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio 2022 version 17.14
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNet.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNetCore.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2017
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2022
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2026
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio Code
|
vers:unknown/* |
Improper neutralization of special elements in commands within Visual Studio Code can allow unauthorized local code execution by attackers.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / .NET
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Azure
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio 2022 version 17.14
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNet.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNetCore.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2017
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2022
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2026
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio Code
|
vers:unknown/* |
Improper neutralization of special elements in output by GitHub Copilot and Visual Studio enables unauthorized attackers to bypass security features over a network via injection vulnerabilities.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / .NET
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Azure
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio 2022 version 17.14
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNet.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNetCore.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2017
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2022
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2026
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio Code
|
vers:unknown/* |
An input neutralization flaw in Visual Studio Code's web page generation allows a local unauthorized attacker to bypass security features.
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / .NET
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Azure
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio 2022 version 17.14
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNet.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNetCore.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2017
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2022
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2026
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio Code
|
vers:unknown/* |
A vulnerability in Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network by including functionality from an untrusted control sphere.
CWE-829 - Inclusion of Functionality from Untrusted Control Sphere| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / .NET
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Azure
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio 2022 version 17.14
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNet.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNetCore.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2017
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2022
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2026
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio Code
|
vers:unknown/* |
A protection mechanism failure in Visual Studio allows an attacker to execute unauthorized local code, posing a significant security risk.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / .NET
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 10.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 8.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Linux
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Mac OS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET 9.0 installed on Windows
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / .NET Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Azure
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio 2022 version 17.14
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNet.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft.AspNetCore.OData
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2017
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2022
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio 2026
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Visual Studio Code
|
vers:unknown/* |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Microsoft heeft kwetsbaarheden verholpen in Developer Tools als .NET en Visual Studio.",
"title": "Feiten"
},
{
"category": "description",
"text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot schade uit de categorie\u00ebn zoals genoemd in bijgevoegde tabel.\n\nVoor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malafide bronbestand te openen en verwerken in de ontwikkelomgeving.\n\n```\nVisual Studio: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-47305 | 7.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nGitHub Copilot and Visual Studio Code: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-47282 | 6.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nVisual Studio Code: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45496 | 5.50 | Omzeilen van beveiligingsmaatregel | \n| CVE-2026-50520 | 8.40 | Uitvoeren van willekeurige code | \n| CVE-2026-57101 | 7.10 | Omzeilen van beveiligingsmaatregel | \n| CVE-2026-57102 | 8.80 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\n.NET Framework: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50524 | 7.50 | Denial-of-Service | \n| CVE-2026-50527 | 7.50 | Denial-of-Service | \n| CVE-2026-50646 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2026-50648 | 7.50 | Denial-of-Service | \n| CVE-2026-50650 | 7.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nASP.NET Core: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-47300 | 8.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-47303 | 8.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50506 | 7.50 | Denial-of-Service | \n| CVE-2026-56170 | 7.50 | Denial-of-Service | \n| CVE-2026-45646 | 7.50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\n.NET: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-47302 | 7.50 | Denial-of-Service | \n| CVE-2026-47304 | 8.10 | Omzeilen van beveiligingsmaatregel | \n| CVE-2026-50525 | 7.50 | Denial-of-Service | \n| CVE-2026-50526 | 7.00 | Manipulatie van gegevens | \n| CVE-2026-50528 | 8.20 | Omzeilen van beveiligingsmaatregel | \n| CVE-2026-50649 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2026-50651 | 7.50 | Denial-of-Service | \n| CVE-2026-50659 | 6.50 | Voordoen als andere gebruiker | \n|----------------|------|-------------------------------------|\n\n.NET Core: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-57108 | 7.50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nGitHub Copilot and Visual Studio: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-41109 | 8.80 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\n```\n",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:\n\nhttps://portal.msrc.microsoft.com/en-us/security-guidance",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"title": "Kwetsbaarheden verholpen in Microsoft Developer Tools",
"tracking": {
"current_release_date": "2026-07-14T18:37:02.554035Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0235",
"initial_release_date": "2026-07-14T18:37:02.554035Z",
"revision_history": [
{
"date": "2026-07-14T18:37:02.554035Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": ".NET"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": ".NET 10.0 installed on Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": ".NET 10.0 installed on Mac OS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": ".NET 10.0 installed on Windows"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": ".NET 8.0 installed on Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": ".NET 8.0 installed on Mac OS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": ".NET 8.0 installed on Windows"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": ".NET 9.0 installed on Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": ".NET 9.0 installed on Mac OS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": ".NET 9.0 installed on Windows"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": ".NET Framework"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "Azure"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "Microsoft Visual Studio 2022 version 17.14"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "Microsoft Visual Studio Code"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-15"
}
}
],
"category": "product_name",
"name": "Microsoft Visual Studio Code CoPilot Chat Extension"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-16"
}
}
],
"category": "product_name",
"name": "Microsoft.AspNet.OData"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-17"
}
}
],
"category": "product_name",
"name": "Microsoft.AspNetCore.OData"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-18"
}
}
],
"category": "product_name",
"name": "Visual Studio 2017"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-19"
}
}
],
"category": "product_name",
"name": "Visual Studio 2019"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-20"
}
}
],
"category": "product_name",
"name": "Visual Studio 2022"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-21"
}
}
],
"category": "product_name",
"name": "Visual Studio 2026"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-22"
}
}
],
"category": "product_name",
"name": "Visual Studio Code"
}
],
"category": "vendor",
"name": "Microsoft"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-47300",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"notes": [
{
"category": "other",
"text": "Incorrect Implementation of Authentication Algorithm",
"title": "CWE-303"
},
{
"category": "description",
"text": "An incorrect implementation of the authentication algorithm in ASP.NET Core allows an authorized attacker to remotely elevate privileges, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-47300 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-47300.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
}
],
"title": "CVE-2026-47300"
},
{
"cve": "CVE-2026-47302",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Unrestricted resource allocation in .NET can allow unauthorized attackers to exploit the system, resulting in a denial of service over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-47302 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-47302.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
}
],
"title": "CVE-2026-47302"
},
{
"cve": "CVE-2026-47303",
"cwe": {
"id": "CWE-302",
"name": "Authentication Bypass by Assumed-Immutable Data"
},
"notes": [
{
"category": "other",
"text": "Authentication Bypass by Assumed-Immutable Data",
"title": "CWE-302"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)",
"title": "CWE-90"
},
{
"category": "description",
"text": "An authentication bypass vulnerability in ASP.NET Core involving assumed-immutable data allows an authorized attacker to remotely elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-47303 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-47303.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
}
],
"title": "CVE-2026-47303"
},
{
"cve": "CVE-2026-50524",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Specified Type of Input",
"title": "CWE-1287"
},
{
"category": "description",
"text": "An input validation flaw in the .NET Framework allows unauthorized attackers to trigger a denial of service condition remotely over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50524 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50524.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
}
],
"title": "CVE-2026-50524"
},
{
"cve": "CVE-2026-56170",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "An allocation of resources without limits or throttling in ASP.NET Core enables unauthorized attackers to perform denial of service attacks over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-56170 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56170.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
}
],
"title": "CVE-2026-56170"
},
{
"cve": "CVE-2026-47304",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"notes": [
{
"category": "other",
"text": "Improper Verification of Cryptographic Signature",
"title": "CWE-347"
},
{
"category": "description",
"text": "Improper verification of cryptographic signatures in the .NET framework allows unauthorized attackers to bypass security mechanisms over a network, potentially compromising application integrity and security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-47304 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-47304.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
}
],
"title": "CVE-2026-47304"
},
{
"cve": "CVE-2026-50525",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Unrestricted resource allocation in .NET can allow unauthorized attackers to exploit the system, resulting in a denial of service over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50525 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50525.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
}
],
"title": "CVE-2026-50525"
},
{
"cve": "CVE-2026-50526",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"title": "CWE-59"
},
{
"category": "description",
"text": "An improper link resolution vulnerability in the .NET framework permits an authorized local attacker to tamper with files, potentially compromising system integrity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50526 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50526.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
}
],
"title": "CVE-2026-50526"
},
{
"cve": "CVE-2026-50527",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability in the .NET Framework allows unauthorized attackers to cause a denial of service over a network, impacting system stability and availability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50527 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50527.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
}
],
"title": "CVE-2026-50527"
},
{
"cve": "CVE-2026-50528",
"cwe": {
"id": "CWE-302",
"name": "Authentication Bypass by Assumed-Immutable Data"
},
"notes": [
{
"category": "other",
"text": "Authentication Bypass by Assumed-Immutable Data",
"title": "CWE-302"
},
{
"category": "other",
"text": "Not Failing Securely (\u0027Failing Open\u0027)",
"title": "CWE-636"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "description",
"text": "An incorrect authorization vulnerability in the .NET framework allows remote attackers to bypass security controls, potentially leading to unauthorized access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50528 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50528.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
}
],
"title": "CVE-2026-50528"
},
{
"cve": "CVE-2026-50648",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "An unthrottled resource allocation vulnerability in the .NET Framework allows an unauthorized attacker to cause a denial of service over a network by exhausting system resources.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50648 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50648.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
}
],
"title": "CVE-2026-50648"
},
{
"cve": "CVE-2026-50651",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Unrestricted resource allocation in .NET can allow unauthorized attackers to exploit the system, resulting in a denial of service over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50651 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50651.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
}
],
"title": "CVE-2026-50651"
},
{
"cve": "CVE-2026-50659",
"cwe": {
"id": "CWE-116",
"name": "Improper Encoding or Escaping of Output"
},
"notes": [
{
"category": "other",
"text": "Improper Encoding or Escaping of Output",
"title": "CWE-116"
},
{
"category": "description",
"text": "Improper encoding or escaping of output in .NET can allow an authorized attacker to perform network spoofing by manipulating network communications.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50659 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50659.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
}
],
"title": "CVE-2026-50659"
},
{
"cve": "CVE-2026-57108",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "other",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
},
{
"category": "description",
"text": "A type confusion vulnerability in .NET Core allows unauthorized attackers to cause a denial of service by accessing resources using incompatible types over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-57108 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57108.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
}
],
"title": "CVE-2026-57108"
},
{
"cve": "CVE-2026-50646",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "description",
"text": "A protection mechanism failure in the .NET Framework allows an attacker to execute unauthorized local code, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50646 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50646.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
}
],
"title": "CVE-2026-50646"
},
{
"cve": "CVE-2026-50649",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "description",
"text": "Deserialization of untrusted data in .NET environments can allow unauthorized attackers to execute arbitrary code locally, posing significant security risks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50649 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50649.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
}
],
"title": "CVE-2026-50649"
},
{
"cve": "CVE-2026-50650",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "description",
"text": "A vulnerability in the .NET Framework\u0027s code generation control allows unauthorized local privilege escalation by improper handling of code execution permissions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50650 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50650.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
}
],
"title": "CVE-2026-50650"
},
{
"cve": "CVE-2026-50506",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "An allocation of resources without limits or throttling in ASP.NET Core enables unauthorized attackers to perform denial of service attacks over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50506 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50506.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
}
],
"title": "CVE-2026-50506"
},
{
"cve": "CVE-2026-45646",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "An allocation of resources without limits or throttling in ASP.NET Core enables unauthorized attackers to perform denial of service attacks over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-45646 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45646.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
}
],
"title": "CVE-2026-45646"
},
{
"cve": "CVE-2026-47282",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"notes": [
{
"category": "other",
"text": "Insufficiently Protected Credentials",
"title": "CWE-522"
},
{
"category": "description",
"text": "Insufficiently protected credentials in GitHub Copilot and Visual Studio Code allow unauthorized attackers to disclose sensitive information over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-47282 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-47282.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
}
],
"title": "CVE-2026-47282"
},
{
"cve": "CVE-2026-45496",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "A path traversal vulnerability in Visual Studio Code allows unauthorized local attackers to bypass security restrictions by improperly limiting pathnames to restricted directories.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-45496 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45496.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
}
],
"title": "CVE-2026-45496"
},
{
"cve": "CVE-2026-50520",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
},
{
"category": "description",
"text": "Improper neutralization of special elements in commands within Visual Studio Code can allow unauthorized local code execution by attackers.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50520 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50520.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
}
],
"title": "CVE-2026-50520"
},
{
"cve": "CVE-2026-41109",
"notes": [
{
"category": "description",
"text": "Improper neutralization of special elements in output by GitHub Copilot and Visual Studio enables unauthorized attackers to bypass security features over a network via injection vulnerabilities.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-41109 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-41109.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
}
],
"title": "CVE-2026-41109"
},
{
"cve": "CVE-2026-57101",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "An input neutralization flaw in Visual Studio Code\u0027s web page generation allows a local unauthorized attacker to bypass security features.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-57101 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57101.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
}
],
"title": "CVE-2026-57101"
},
{
"cve": "CVE-2026-57102",
"cwe": {
"id": "CWE-829",
"name": "Inclusion of Functionality from Untrusted Control Sphere"
},
"notes": [
{
"category": "other",
"text": "Inclusion of Functionality from Untrusted Control Sphere",
"title": "CWE-829"
},
{
"category": "description",
"text": "A vulnerability in Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network by including functionality from an untrusted control sphere.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-57102 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57102.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
}
],
"title": "CVE-2026-57102"
},
{
"cve": "CVE-2026-47305",
"notes": [
{
"category": "description",
"text": "A protection mechanism failure in Visual Studio allows an attacker to execute unauthorized local code, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-47305 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-47305.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22"
]
}
],
"title": "CVE-2026-47305"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.