PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-47305 Microsoft CVE debrief

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T19:17:08.970Z and has not been modified since then. This high-severity vulnerability in Visual Studio, with a CVSS score of 7.8, allows an unauthorized attacker to execute code locally due to a protection mechanism failure. Affected versions include Visual Studio 2022 versions 17.12.0 to 17.12.22 and 17.14.0 to 17.14.36, as well as Visual Studio 2026 version 18.7.0 to 18.7.4. Users of these versions should apply updates to prevent local code execution.

Vendor
Microsoft
Product
Microsoft Visual Studio 2022 version 17.12
CVSS
HIGH 7.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-14
Original CVE updated
2026-07-16
Advisory published
2026-07-14
Advisory updated
2026-07-16

Who should care

Users of Visual Studio 2022 and Visual Studio 2026 should apply updates to prevent local code execution. This includes operators, platform administrators, vulnerability management teams, and security teams who need to assess the impact of this vulnerability on their environments and apply necessary mitigations.

Technical summary

CVE-2026-47305 is a high-severity vulnerability in Visual Studio, with a CVSS score of 7.8. The protection mechanism failure allows an unauthorized attacker to execute code locally. The vulnerability affects Visual Studio 2022 versions 17.12.0 to 17.12.22 and 17.14.0 to 17.14.36, as well as Visual Studio 2026 version 18.7.0 to 18.7.4. Users of these versions should apply updates to prevent local code execution.

Defensive priority

High priority due to local code execution risk

Recommended defensive actions

  • Apply vendor updates for Visual Studio 2022 and Visual Studio 2026
  • Inventory and verify installed Visual Studio versions
  • Monitor for suspicious local activity
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review

Evidence notes

Evidence from NVD and Microsoft sources indicates a protection mechanism failure in Visual Studio, allowing local code execution. However, details on exploitation are limited. Defenders should verify the affected scope, assess their environments for potential exposure, and apply vendor guidance to mitigate this vulnerability.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T19:17:08.970Z and has not been modified since then.