Microsoft: >> Visual Studio 2022 >> 17.14.22 Security Vulnerabilities
A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories.
To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system.
The security update fixes the vulnerability by ensuring .NET Core properly handles files.
CVSS Score
4.3
EPSS Score
0.007
Published
2026-05-12
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
CVSS Score
7.3
EPSS Score
0.004
Published
2026-05-12
Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.
CVSS Score
7.5
EPSS Score
0.008
Published
2026-04-14
Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
7.5
EPSS Score
0.011
Published
2026-04-14
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network.
CVSS Score
8.0
EPSS Score
0.008
Published
2026-02-10
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.
CVSS Score
8.8
EPSS Score
0.011
Published
2026-02-10