PatchSiren cyber security CVE debrief
CVE-2026-47305 Microsoft CVE debrief
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T19:17:08.970Z and has not been modified since then. This high-severity vulnerability in Visual Studio, with a CVSS score of 7.8, allows an unauthorized attacker to execute code locally due to a protection mechanism failure. Affected versions include Visual Studio 2022 versions 17.12.0 to 17.12.22 and 17.14.0 to 17.14.36, as well as Visual Studio 2026 version 18.7.0 to 18.7.4. Users of these versions should apply updates to prevent local code execution.
- Vendor
- Microsoft
- Product
- Microsoft Visual Studio 2022 version 17.12
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-14
- Original CVE updated
- 2026-07-16
- Advisory published
- 2026-07-14
- Advisory updated
- 2026-07-16
Who should care
Users of Visual Studio 2022 and Visual Studio 2026 should apply updates to prevent local code execution. This includes operators, platform administrators, vulnerability management teams, and security teams who need to assess the impact of this vulnerability on their environments and apply necessary mitigations.
Technical summary
CVE-2026-47305 is a high-severity vulnerability in Visual Studio, with a CVSS score of 7.8. The protection mechanism failure allows an unauthorized attacker to execute code locally. The vulnerability affects Visual Studio 2022 versions 17.12.0 to 17.12.22 and 17.14.0 to 17.14.36, as well as Visual Studio 2026 version 18.7.0 to 18.7.4. Users of these versions should apply updates to prevent local code execution.
Defensive priority
High priority due to local code execution risk
Recommended defensive actions
- Apply vendor updates for Visual Studio 2022 and Visual Studio 2026
- Inventory and verify installed Visual Studio versions
- Monitor for suspicious local activity
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
Evidence notes
Evidence from NVD and Microsoft sources indicates a protection mechanism failure in Visual Studio, allowing local code execution. However, details on exploitation are limited. Defenders should verify the affected scope, assess their environments for potential exposure, and apply vendor guidance to mitigate this vulnerability.
Official resources
-
CVE-2026-47305 CVE record
CVE.org
-
CVE-2026-47305 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T19:17:08.970Z and has not been modified since then.