Vulnerability Database

296,137

Total vulnerabilities in the database

CVE-2025-26646

External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.

Published: May 13, 2025
Updated: Aug 11, 2025
CVE: CVE-2025-26646
GHSA: GHSA-h4j7-5rxr-p4wc
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-73

Affected Software
References

Software	From	Fixed in
Microsoft.Build.Tasks.Core	15.8.166	15.9.30
Microsoft.Build.Tasks.Core	16.0.461	16.11.6
Microsoft.Build.Tasks.Core	17.0.0	17.8.29
Microsoft.Build.Tasks.Core	17.9.5	17.10.29
Microsoft.Build.Tasks.Core	17.11.4	17.11.4.x
Microsoft.Build.Tasks.Core	17.11.4	17.12.36
Microsoft.Build.Tasks.Core	17.12.6	17.12.6.x
Microsoft.Build.Tasks.Core	17.12.6	17.13.26
Microsoft.Build.Tasks.Core	17.13.9	17.13.9.x
Microsoft.Build.Tasks.Core	17.13.9	17.14.8
microsoft / visual_studio_2022	17.12.0	17.12.8
microsoft / visual_studio_2022	17.13.0	17.13.7
microsoft / visual_studio_2022	17.8.0	17.8.21
microsoft / build_tools	-	17.13.7
microsoft / visual_studio_2022	17.10.0	17.10.15
microsoft / .net	9.0.0	9.0.5
microsoft / .net	8.0.0	8.0.16