Home › Vendors › Microsoft › Visual Studio 2022Microsoft Visual Studio 2022 — known CVE vulnerabilities Every CVE whose affected-product data names Microsoft Visual Studio 2022, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (122) CVE-2025-55315 — CVSS 9.9 (critical) : Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a…CVE-2024-43498 — CVSS 9.8 (critical) : .NET and Visual Studio Remote Code Execution VulnerabilityCVE-2024-0057 — CVSS 9.1 (critical) : NET, .NET Framework, and Visual Studio Security Feature Bypass VulnerabilityCVE-2025-49739 — CVSS 8.8 (high) : Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over…CVE-2024-28934 — CVSS 8.8 (high) : Microsoft ODBC Driver for SQL Server Remote Code Execution VulnerabilityCVE-2021-43877 — CVSS 8.8 (high) : ASP.NET Core and Visual Studio Elevation of Privilege VulnerabilityCVE-2022-35827 — CVSS 8.8 (high) : Visual Studio Remote Code Execution VulnerabilityCVE-2024-28929 — CVSS 8.8 (high) : Microsoft ODBC Driver for SQL Server Remote Code Execution VulnerabilityCVE-2024-28930 — CVSS 8.8 (high) : Microsoft ODBC Driver for SQL Server Remote Code Execution VulnerabilityCVE-2024-28931 — CVSS 8.8 (high) : Microsoft ODBC Driver for SQL Server Remote Code Execution VulnerabilityCVE-2024-28932 — CVSS 8.8 (high) : Microsoft ODBC Driver for SQL Server Remote Code Execution VulnerabilityCVE-2024-28933 — CVSS 8.8 (high) : Microsoft ODBC Driver for SQL Server Remote Code Execution VulnerabilityCVE-2025-21178 — CVSS 8.8 (high) : Visual Studio Remote Code Execution VulnerabilityCVE-2024-28935 — CVSS 8.8 (high) : Microsoft ODBC Driver for SQL Server Remote Code Execution VulnerabilityCVE-2024-28938 — CVSS 8.8 (high) : Microsoft ODBC Driver for SQL Server Remote Code Execution VulnerabilityCVE-2022-35777 — CVSS 8.8 (high) : Visual Studio Remote Code Execution VulnerabilityCVE-2024-28937 — CVSS 8.8 (high) : Microsoft ODBC Driver for SQL Server Remote Code Execution VulnerabilityCVE-2022-35825 — CVSS 8.8 (high) : Visual Studio Remote Code Execution VulnerabilityCVE-2026-21256 — CVSS 8.8 (high) : Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an…CVE-2022-35826 — CVSS 8.8 (high) : Visual Studio Remote Code Execution VulnerabilityCVE-2024-28936 — CVSS 8.8 (high) : Microsoft ODBC Driver for SQL Server Remote Code Execution VulnerabilityCVE-2024-0056 — CVSS 8.7 (high) : Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass VulnerabilityCVE-2023-36038 — CVSS 8.2 (high) : ASP.NET Core Denial of Service VulnerabilityCVE-2023-33170 — CVSS 8.1 (high) : ASP.NET and Visual Studio Security Feature Bypass VulnerabilityCVE-2024-38229 — CVSS 8.1 (high) : .NET and Visual Studio Remote Code Execution VulnerabilityCVE-2024-35264 — CVSS 8.1 (high) : .NET and Visual Studio Remote Code Execution VulnerabilityCVE-2023-36897 — CVSS 8.1 (high) : Visual Studio Tools for Office Runtime Spoofing VulnerabilityCVE-2023-33127 — CVSS 8.1 (high) : .NET and Visual Studio Elevation of Privilege VulnerabilityCVE-2026-21257 — CVSS 8.0 (high) : Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an…CVE-2025-26646 — CVSS 8.0 (high) : External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform…CVE-2023-36794 — CVSS 7.8 (high) : Visual Studio Remote Code Execution VulnerabilityCVE-2024-20656 — CVSS 7.8 (high) : Visual Studio Elevation of Privilege VulnerabilityCVE-2022-24513 — CVSS 7.8 (high) : Visual Studio Elevation of Privilege VulnerabilityCVE-2022-41032 — CVSS 7.8 (high) : NuGet Client Elevation of Privilege VulnerabilityCVE-2022-41119 — CVSS 7.8 (high) : Visual Studio Remote Code Execution VulnerabilityCVE-2023-21566 — CVSS 7.8 (high) : Visual Studio Elevation of Privilege VulnerabilityCVE-2023-21808 — CVSS 7.8 (high) : .NET and Visual Studio Remote Code Execution VulnerabilityCVE-2023-21815 — CVSS 7.8 (high) : Visual Studio Remote Code Execution VulnerabilityCVE-2023-23381 — CVSS 7.8 (high) : Visual Studio Remote Code Execution VulnerabilityCVE-2023-24895 — CVSS 7.8 (high) : .NET, .NET Framework, and Visual Studio Remote Code Execution VulnerabilityCVE-2023-24897 — CVSS 7.8 (high) : .NET, .NET Framework, and Visual Studio Remote Code Execution VulnerabilityCVE-2023-28260 — CVSS 7.8 (high) : .NET DLL Hijacking Remote Code Execution VulnerabilityCVE-2023-28262 — CVSS 7.8 (high) : Visual Studio Elevation of Privilege VulnerabilityCVE-2025-53773 — CVSS 7.8 (high) : Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an…CVE-2023-28296 — CVSS 7.8 (high) : Visual Studio Remote Code Execution VulnerabilityCVE-2025-32702 — CVSS 7.8 (high) : Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to…CVE-2024-43590 — CVSS 7.8 (high) : Visual C++ Redistributable Installer Elevation of Privilege VulnerabilityCVE-2023-35390 — CVSS 7.8 (high) : .NET and Visual Studio Remote Code Execution VulnerabilityCVE-2023-36758 — CVSS 7.8 (high) : Visual Studio Elevation of Privilege VulnerabilityCVE-2023-36792 — CVSS 7.8 (high) : Visual Studio Remote Code Execution VulnerabilityCVE-2023-36793 — CVSS 7.8 (high) : Visual Studio Remote Code Execution VulnerabilityCVE-2023-36796 — CVSS 7.8 (high) : Visual Studio Remote Code Execution VulnerabilityCVE-2022-24767 — CVSS 7.8 (high) : GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account.CVE-2023-36049 — CVSS 7.6 (high) : .NET, .NET Framework, and Visual Studio Elevation of Privilege VulnerabilityCVE-2026-32203 — CVSS 7.5 (high) : Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.CVE-2022-21986 — CVSS 7.5 (high) : .NET Denial of Service VulnerabilityCVE-2022-23267 — CVSS 7.5 (high) : .NET and Visual Studio Denial of Service VulnerabilityCVE-2022-24464 — CVSS 7.5 (high) : .NET and Visual Studio Denial of Service VulnerabilityCVE-2022-29117 — CVSS 7.5 (high) : .NET and Visual Studio Denial of Service VulnerabilityCVE-2022-29145 — CVSS 7.5 (high) : .NET and Visual Studio Denial of Service VulnerabilityCVE-2022-38013 — CVSS 7.5 (high) : .NET Core and Visual Studio Denial of Service VulnerabilityCVE-2023-38171 — CVSS 7.5 (high) : Microsoft QUIC Denial of Service VulnerabilityCVE-2023-38178 — CVSS 7.5 (high) : .NET Core and Visual Studio Denial of Service VulnerabilityCVE-2023-38180 — CVSS 7.5 (high) — actively exploited : .NET and Visual Studio Denial of Service VulnerabilityCVE-2023-44487 — CVSS 7.5 (high) — actively exploited : The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly…CVE-2024-21386 — CVSS 7.5 (high) : .NET Denial of Service VulnerabilityCVE-2024-21392 — CVSS 7.5 (high) : .NET and Visual Studio Denial of Service VulnerabilityCVE-2024-21404 — CVSS 7.5 (high) : .NET Denial of Service VulnerabilityCVE-2024-26190 — CVSS 7.5 (high) : Microsoft QUIC Denial of Service VulnerabilityCVE-2024-30105 — CVSS 7.5 (high) : .NET and Visual Studio Denial of Service VulnerabilityCVE-2024-38095 — CVSS 7.5 (high) : .NET and Visual Studio Denial of Service VulnerabilityCVE-2024-38168 — CVSS 7.5 (high) : .NET and Visual Studio Denial of Service VulnerabilityCVE-2024-43483 — CVSS 7.5 (high) : .NET, .NET Framework, and Visual Studio Denial of Service VulnerabilityCVE-2024-43484 — CVSS 7.5 (high) : .NET, .NET Framework, and Visual Studio Denial of Service VulnerabilityCVE-2024-43485 — CVSS 7.5 (high) : .NET and Visual Studio Denial of Service VulnerabilityCVE-2024-43499 — CVSS 7.5 (high) : .NET and Visual Studio Denial of Service VulnerabilityCVE-2025-21171 — CVSS 7.5 (high) : .NET Remote Code Execution VulnerabilityCVE-2025-21172 — CVSS 7.5 (high) : .NET and Visual Studio Remote Code Execution VulnerabilityCVE-2025-26682 — CVSS 7.5 (high) : Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.CVE-2025-30399 — CVSS 7.5 (high) : Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.CVE-2026-32178 — CVSS 7.5 (high) : Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.CVE-2023-33128 — CVSS 7.3 (high) : .NET and Visual Studio Remote Code Execution VulnerabilityCVE-2024-38081 — CVSS 7.3 (high) : .NET, .NET Framework, and Visual Studio Elevation of Privilege VulnerabilityCVE-2025-55240 — CVSS 7.3 (high) : Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.CVE-2024-21409 — CVSS 7.3 (high) : .NET, .NET Framework, and Visual Studio Remote Code Execution VulnerabilityCVE-2025-21173 — CVSS 7.3 (high) : .NET Elevation of Privilege VulnerabilityCVE-2025-21206 — CVSS 7.3 (high) : Visual Studio Installer Elevation of Privilege VulnerabilityCVE-2025-29804 — CVSS 7.3 (high) : Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.CVE-2025-29802 — CVSS 7.3 (high) : Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.CVE-2026-32177 — CVSS 7.3 (high) : Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.CVE-2023-33126 — CVSS 7.3 (high) : .NET and Visual Studio Remote Code Execution VulnerabilityCVE-2023-33135 — CVSS 7.3 (high) : .NET and Visual Studio Elevation of Privilege VulnerabilityCVE-2025-25003 — CVSS 7.3 (high) : Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.CVE-2025-24998 — CVSS 7.3 (high) : Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.CVE-2025-21405 — CVSS 7.3 (high) : Visual Studio Elevation of Privilege VulnerabilityCVE-2025-47959 — CVSS 7.1 (high) : Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to…CVE-2025-24070 — CVSS 7.0 (high) : Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.CVE-2024-21319 — CVSS 6.8 (medium) : Microsoft Identity Denial of service vulnerabilityCVE-2025-62214 — CVSS 6.7 (medium) : Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to…CVE-2024-29060 — CVSS 6.7 (medium) : Visual Studio Elevation of Privilege VulnerabilityCVE-2024-49044 — CVSS 6.7 (medium) : Visual Studio Elevation of Privilege VulnerabilityCVE-2023-36759 — CVSS 6.7 (medium) : Visual Studio Elevation of Privilege VulnerabilityCVE-2023-32032 — CVSS 6.5 (medium) : .NET and Visual Studio Elevation of Privilege VulnerabilityCVE-2024-38167 — CVSS 6.5 (medium) : .NET and Visual Studio Information Disclosure VulnerabilityCVE-2023-36799 — CVSS 6.5 (medium) : .NET Core and Visual Studio Denial of Service VulnerabilityCVE-2022-24512 — CVSS 6.3 (medium) : .NET and Visual Studio Remote Code Execution VulnerabilityCVE-2024-30045 — CVSS 6.3 (medium) : .NET and Visual Studio Remote Code Execution VulnerabilityCVE-2023-35391 — CVSS 6.2 (medium) : ASP.NET Core SignalR and Visual Studio Information Disclosure VulnerabilityCVE-2023-36558 — CVSS 6.2 (medium) : ASP.NET Core Security Feature Bypass VulnerabilityCVE-2023-36042 — CVSS 6.2 (medium) : Visual Studio Denial of Service VulnerabilityCVE-2024-30046 — CVSS 5.9 (medium) : Visual Studio Denial of Service VulnerabilityCVE-2023-21567 — CVSS 5.6 (medium) : Visual Studio Denial of Service VulnerabilityCVE-2024-43603 — CVSS 5.5 (medium) : Visual Studio Collector Service Denial of Service VulnerabilityCVE-2023-33139 — CVSS 5.5 (medium) : Visual Studio Information Disclosure VulnerabilityCVE-2022-30184 — CVSS 5.5 (medium) : .NET and Visual Studio Information Disclosure VulnerabilityCVE-2025-32703 — CVSS 5.5 (medium) : Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally.CVE-2023-28263 — CVSS 5.5 (medium) : Visual Studio Information Disclosure VulnerabilityCVE-2023-28299 — CVSS 5.5 (medium) : Visual Studio Spoofing VulnerabilityCVE-2020-8927 — CVSS 5.3 (medium) : A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot"…CVE-2025-55248 — CVSS 4.8 (medium) : Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.CVE-2024-30052 — CVSS 4.7 (medium) : Visual Studio Remote Code Execution VulnerabilityCVE-2026-32175 — CVSS 4.3 (medium) : A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this…