CVE-2025-26646
External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.
| Software | From | Fixed in |
|---|---|---|
Microsoft.Build.Tasks.Core
|
15.8.166 | 15.9.30 |
|
Microsoft.Build.Tasks.Core
|
16.0.461 | 16.11.6 |
|
Microsoft.Build.Tasks.Core
|
17.0.0 | 17.8.29 |
|
Microsoft.Build.Tasks.Core
|
17.9.5 | 17.10.29 |
|
Microsoft.Build.Tasks.Core
|
17.11.4 | 17.11.4.x |
|
Microsoft.Build.Tasks.Core
|
17.11.4 | 17.12.36 |
|
Microsoft.Build.Tasks.Core
|
17.12.6 | 17.12.6.x |
|
Microsoft.Build.Tasks.Core
|
17.12.6 | 17.13.26 |
|
Microsoft.Build.Tasks.Core
|
17.13.9 | 17.13.9.x |
|
Microsoft.Build.Tasks.Core
|
17.13.9 | 17.14.8 |
| microsoft / visual_studio_2022 | 17.12.0 | 17.12.8 |
| microsoft / visual_studio_2022 | 17.13.0 | 17.13.7 |
| microsoft / visual_studio_2022 | 17.8.0 | 17.8.21 |
| microsoft / build_tools | - | 17.13.7 |
| microsoft / visual_studio_2022 | 17.10.0 | 17.10.15 |
| microsoft / .net | 9.0.0 | 9.0.5 |
| microsoft / .net | 8.0.0 | 8.0.16 |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime