Vulnerability-Lookup

CVE-2026-47292 (GCVE-0-2026-47292)

Vulnerability from cvelistv5 – Published: 2026-06-09 17:04 – Updated: 2026-06-10 17:53

Title

Visual Studio Code MSSQL Extension Remote Code Execution Vulnerability

Summary

Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally.

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
CWE-94 - Improper Control of Generation of Code ('Code Injection')

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

1 product

Vendor	Product	Version
Microsoft	Visual Studio Code - MSSQL Extension	Affected: 1.0.0 , < 1.123.1 (custom)

Date Public

2026-06-09 14:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-47292",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-10T03:57:50.382011Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-10T10:25:57.393Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Visual Studio Code - MSSQL Extension",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "1.123.1",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_code_mssql_extension:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.123.1",
                  "versionStartIncluding": "1.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-06-09T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-829",
              "description": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere",
              "lang": "en-US",
              "type": "CWE"
            },
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-10T17:53:50.156Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Code MSSQL Extension Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47292"
        }
      ],
      "title": "Visual Studio Code MSSQL Extension Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-47292",
    "datePublished": "2026-06-09T17:04:59.894Z",
    "dateReserved": "2026-05-18T23:53:33.897Z",
    "dateUpdated": "2026-06-10T17:53:50.156Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-47292",
      "date": "2026-06-10",
      "epss": "0.00157",
      "percentile": "0.36285"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-47292\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2026-06-09T17:17:34.800\",\"lastModified\":\"2026-06-09T19:32:51.440\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"},{\"lang\":\"en\",\"value\":\"CWE-829\"}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47292\",\"source\":\"secure@microsoft.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-47292\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-10T03:57:50.382011Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-10T10:25:51.007Z\"}}], \"cna\": {\"title\": \"Visual Studio Code MSSQL Extension Remote Code Execution Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"Visual Studio Code - MSSQL Extension\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.0\", \"lessThan\": \"1.123.1\", \"versionType\": \"custom\"}]}], \"datePublic\": \"2026-06-09T14:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47292\", \"name\": \"Visual Studio Code MSSQL Extension Remote Code Execution Vulnerability\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-829\", \"description\": \"CWE-829: Inclusion of Functionality from Untrusted Control Sphere\"}, {\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:microsoft:visual_studio_code_mssql_extension:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"1.123.1\", \"versionStartIncluding\": \"1.0.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2026-06-10T17:53:50.156Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-47292\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-10T17:53:50.156Z\", \"dateReserved\": \"2026-05-18T23:53:33.897Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2026-06-09T17:04:59.894Z\", \"assignerShortName\": \"microsoft\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2026-AVI-0731

Vulnerability from certfr_avis - Published: 2026-06-10 - Updated: 2026-06-10

De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Nuance PowerScribe One version 2019.8 antérieures à 2019.8.43.19
Microsoft	N/A	PowerScribe One version 2023.1 SP2 Patch 11 antérieures à 2023.2.3054
Microsoft	N/A	Nuance PowerScribe 360 version 4.0.3 antérieures à 7.0.197.10
Microsoft	N/A	Nuance PowerScribe One version 2019.1 antérieures à 2019.1.96.6
Microsoft	N/A	Nuance PowerScribe 360 version 4.0.8 antérieures à 7.0.427.15
Microsoft	N/A	Microsoft Visual Studio 2026 version 18.6 antérieures à 18.6.3
Microsoft	N/A	Microsoft SharePoint Server 2019 versions antérieures à 16.0.10417.20153
Microsoft	N/A	PowerScribe One version 2023.1 SP3 Patch 6 antérieures à 2023.3.9072
Microsoft	N/A	Microsoft PowerToys versions antérieures à v0.99.1
Microsoft	N/A	azl3 httpd 2.4.67-1 versions antérieures à 2.4.68-1
Microsoft	N/A	Visual Studio Code - MSSQL Extension versions antérieures à 1.123.1
Microsoft	N/A	Nuance PowerScribe One version 2019.3 antérieures à 2019.3.16.21
Microsoft	N/A	Nuance PowerScribe One version 2019.5 antérieures à 2019.5.14.40
Microsoft	N/A	Nuance PowerScribe 360 version 4.0.4 antérieures à 7.0.212.10
Microsoft	N/A	Microsoft Live Share Canvas SDK versions antérieures à 1.4.2
Microsoft	N/A	Microsoft SharePoint Enterprise Server 2016 versions antérieures à 16.0.5556.1005
Microsoft	N/A	Microsoft Exchange Server 2019 Cumulative Update 14 versions antérieures à 15.02.1544.041
Microsoft	N/A	azl3 erlang 26.2.5.20-1 versions antérieures à 26.2.5.21-1
Microsoft	N/A	azl3 libinput 1.25.0-1 versions antérieures à 1.25.0-2
Microsoft	N/A	Nuance PowerScribe One version 2019.10 antérieures à 2019.10.36.14
Microsoft	N/A	Microsoft Dynamics 365 (on-premises) version 9.1 antérieures à 9.1 Train 26062 (06.2)
Microsoft	N/A	Nuance PowerScribe One version 2019.6 antérieures à 2019.6.36.40
Microsoft	N/A	Nuance PowerScribe One version 2019.2 antérieures à 2019.2.9.11
Microsoft	N/A	Visual Studio Code versions antérieures à 1.123.1
Microsoft	N/A	azl3 docker-buildx 0.14.0-13 versions antérieures à 0.14.0-15
Microsoft	N/A	Nuance PowerScribe One version 2019.7 antérieures à 2019.7.107.26
Microsoft	N/A	Microsoft PC Manager versions antérieures à 3.21.6.0
Microsoft	N/A	Nuance PowerScribe 360 version 4.0.5 antérieures à 7.0.243.19
Microsoft	N/A	azl3 docker-compose 2.27.0-11 versions antérieures à 2.27.0-13
Microsoft	N/A	Microsoft SharePoint Server Subscription Edition versions antérieures à 16.0.19725.20384
Microsoft	N/A	Nuance PowerScribe One version 2019.4 antérieures à 2019.4.9.17
Microsoft	N/A	Microsoft Visual Studio Code CoPilot Chat Extension versions antérieures à 1.123.1
Microsoft	N/A	Nuance PowerScribe 360 4.0 versions antérieures à 7.0.11.49
Microsoft	N/A	Visual Studio Code versions antérieures à 1.119.1
Microsoft	N/A	azl3 packer 1.9.5-15 versions antérieures à 1.9.5-16
Microsoft	N/A	Nuance PowerScribe One version 2019.9 antérieures à 2019.9.31.23
Microsoft	N/A	Linux kernel - Microsoft MANA Network Driver versions antérieures à 7.1
Microsoft	N/A	azl3 kernel 6.6.139.1-1 versions antérieures à 6.6.141.1-1
Microsoft	N/A	Microsoft Bing Search pour Android versions antérieures à 33.3
Microsoft	N/A	Microsoft Defender pour Endpoint pour Mac versions antérieures à 101.26042.0011
Microsoft	N/A	azl3 perl 5.38.2-509 versions antérieures à 5.38.2-510
Microsoft	N/A	azl3 freeipmi 1.6.17-1 versions antérieures à 1.6.18-1
Microsoft	N/A	Nuance PowerScribe 360 version 4.0.1 antérieures à 7.0.111.68
Microsoft	N/A	Microsoft Exchange Server Subscription Edition RTM versions antérieures à 15.02.2562.043
Microsoft	N/A	Microsoft Teams pour Android versions antérieures à 1.0.76.2026111302
Microsoft	N/A	Nuance PowerScribe 360 version 4.0.6 antérieures à 7.0.277.28
Microsoft	N/A	Nuance PowerScribe 360 version 4.0.7 antérieures à 7.0.316.12
Microsoft	N/A	Microsoft Exchange Server 2019 Cumulative Update 15 versions antérieures à 15.02.1748.046
Microsoft	N/A	Nuance PowerScribe 360 version 4.0.9 antérieures à 7.0.528.24
Microsoft	N/A	Microsoft Exchange Server 2016 Cumulative Update 23 versions antérieures à 15.01.2507.069
Microsoft	N/A	Nuance PowerScribe 360 version 4.0.2 antérieures à 7.0.154.18
Microsoft	N/A	Microsoft SharePoint Enterprise Server 2016 versions antérieures à 16.0.5556.1002

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2026-46231	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46018	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45845	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46226	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46088	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46050	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46173	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46062	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46167	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46070	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-47638	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46132	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45465	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46037	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45454	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45838	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46009	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-48569	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46185	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46098	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46187	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46026	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46177	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46124	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46005	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-42789	2026-05-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46150	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46079	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46163	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46137	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46220	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46172	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45840	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46040	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46002	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46138	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45500	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-42902	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46219	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45835	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46238	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45476	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46015	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45834	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46111	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46212	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-39833	2026-05-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46038	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46024	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46176	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46196	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46214	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46103	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45462	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46077	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46234	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-47640	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46131	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46120	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-47639	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46300	2026-05-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45846	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46043	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46225	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-47292	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46195	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46191	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46149	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45481	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-48562	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46193	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45591	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-47637	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45479	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45583	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46115	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46161	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46027	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-48959	2026-06-02	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45467	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45475	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46133	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45989	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-47298	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46064	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46046	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46102	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45844	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46006	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46236	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45650	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46065	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-47636	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46012	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46209	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46136	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45996	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46146	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46094	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-33113	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45998	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46108	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46101	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46058	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45503	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-44821	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-42496	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46085	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46165	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-49161	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46049	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46031	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46047	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-47281	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46089	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-47284	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45468	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-40371	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-48962	2026-05-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-49975	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45483	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-44824	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45997	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46227	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-47287	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45987	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-42790	2026-05-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-26142	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46129	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45994	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45484	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45647	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46114	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46075	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45842	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45836	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45841	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46230	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45843	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46086	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-47634	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46000	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45999	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46123	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46205	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-50511	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45485	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-47641	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-50292	2026-06-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46052	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46178	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46068	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46107	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46033	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46273	2026-06-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46160	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46190	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46011	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46113	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46016	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46233	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46199	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45456	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-50512	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46156	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46145	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46072	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46051	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46164	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46056	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46109	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46204	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46152	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46197	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46189	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46125	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46144	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46078	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-43503	2026-05-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45464	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46159	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45839	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45502	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46048	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46116	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45471	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45986	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45453	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46019	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46142	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45458	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45482	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-48560	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46208	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45993	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46229	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46155	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46022	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46110	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45991	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46003	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46128	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46106	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-42835	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45988	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45501	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46063	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46168	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46021	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46091	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46218	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46206	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46119	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46084	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46127	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46186	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46198	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46151	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46082	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-40376	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45504	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46004	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46083	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46099	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-47631	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46053	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-44819	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-50031	2026-06-04	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-15649	2026-05-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46122	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46080	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46023	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-45644	2026-06-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46112	2026-05-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46069	2026-05-28	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46180	2026-05-29	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Nuance PowerScribe One version 2019.8 ant\u00e9rieures \u00e0 2019.8.43.19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "PowerScribe One version 2023.1 SP2 Patch 11 ant\u00e9rieures \u00e0 2023.2.3054",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Nuance PowerScribe 360 version 4.0.3 ant\u00e9rieures \u00e0 7.0.197.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Nuance PowerScribe One version 2019.1 ant\u00e9rieures \u00e0 2019.1.96.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Nuance PowerScribe 360 version 4.0.8 ant\u00e9rieures \u00e0 7.0.427.15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2026 version 18.6 ant\u00e9rieures \u00e0 18.6.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Server 2019 versions ant\u00e9rieures \u00e0 16.0.10417.20153",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "PowerScribe One version 2023.1 SP3 Patch 6 ant\u00e9rieures \u00e0 2023.3.9072",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft PowerToys versions ant\u00e9rieures \u00e0 v0.99.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 httpd 2.4.67-1 versions ant\u00e9rieures \u00e0 2.4.68-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Visual Studio Code - MSSQL Extension versions ant\u00e9rieures \u00e0 1.123.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Nuance PowerScribe One version 2019.3 ant\u00e9rieures \u00e0 2019.3.16.21",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Nuance PowerScribe One version 2019.5 ant\u00e9rieures \u00e0 2019.5.14.40",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Nuance PowerScribe 360 version 4.0.4 ant\u00e9rieures \u00e0 7.0.212.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Live Share Canvas SDK versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Enterprise Server 2016 versions ant\u00e9rieures \u00e0 16.0.5556.1005",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2019 Cumulative Update 14 versions ant\u00e9rieures \u00e0 15.02.1544.041",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 erlang 26.2.5.20-1 versions ant\u00e9rieures \u00e0 26.2.5.21-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 libinput 1.25.0-1 versions ant\u00e9rieures \u00e0 1.25.0-2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Nuance PowerScribe One version 2019.10 ant\u00e9rieures \u00e0 2019.10.36.14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics 365 (on-premises) version 9.1 ant\u00e9rieures \u00e0 9.1 Train 26062 (06.2)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Nuance PowerScribe One version 2019.6 ant\u00e9rieures \u00e0 2019.6.36.40",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Nuance PowerScribe One version 2019.2 ant\u00e9rieures \u00e0 2019.2.9.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Visual Studio Code versions ant\u00e9rieures \u00e0 1.123.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 docker-buildx 0.14.0-13 versions ant\u00e9rieures \u00e0 0.14.0-15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Nuance PowerScribe One version 2019.7 ant\u00e9rieures \u00e0 2019.7.107.26",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft PC Manager versions ant\u00e9rieures \u00e0 3.21.6.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Nuance PowerScribe 360 version 4.0.5 ant\u00e9rieures \u00e0 7.0.243.19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 docker-compose 2.27.0-11 versions ant\u00e9rieures \u00e0 2.27.0-13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Server Subscription Edition versions ant\u00e9rieures \u00e0 16.0.19725.20384",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Nuance PowerScribe One version 2019.4 ant\u00e9rieures \u00e0 2019.4.9.17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio Code CoPilot Chat Extension versions ant\u00e9rieures \u00e0 1.123.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Nuance PowerScribe 360 4.0 versions ant\u00e9rieures \u00e0 7.0.11.49",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Visual Studio Code versions ant\u00e9rieures \u00e0 1.119.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 packer 1.9.5-15 versions ant\u00e9rieures \u00e0 1.9.5-16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Nuance PowerScribe One version 2019.9 ant\u00e9rieures \u00e0 2019.9.31.23",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Linux kernel - Microsoft MANA Network Driver versions ant\u00e9rieures \u00e0 7.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 kernel 6.6.139.1-1 versions ant\u00e9rieures \u00e0 6.6.141.1-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Bing Search pour Android versions ant\u00e9rieures \u00e0 33.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Defender pour Endpoint pour Mac versions ant\u00e9rieures \u00e0 101.26042.0011",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 perl 5.38.2-509 versions ant\u00e9rieures \u00e0 5.38.2-510",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 freeipmi 1.6.17-1 versions ant\u00e9rieures \u00e0 1.6.18-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Nuance PowerScribe 360 version 4.0.1 ant\u00e9rieures \u00e0 7.0.111.68",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server Subscription Edition RTM versions ant\u00e9rieures \u00e0 15.02.2562.043",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Teams pour Android versions ant\u00e9rieures \u00e0 1.0.76.2026111302",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Nuance PowerScribe 360 version 4.0.6 ant\u00e9rieures \u00e0 7.0.277.28",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Nuance PowerScribe 360 version 4.0.7 ant\u00e9rieures \u00e0 7.0.316.12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2019 Cumulative Update 15 versions ant\u00e9rieures \u00e0 15.02.1748.046",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Nuance PowerScribe 360 version 4.0.9 ant\u00e9rieures \u00e0 7.0.528.24",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2016 Cumulative Update 23 versions ant\u00e9rieures \u00e0 15.01.2507.069",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Nuance PowerScribe 360 version 4.0.2 ant\u00e9rieures \u00e0 7.0.154.18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Enterprise Server 2016 versions ant\u00e9rieures \u00e0 16.0.5556.1002",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-45842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45842"
    },
    {
      "name": "CVE-2026-42902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42902"
    },
    {
      "name": "CVE-2026-46119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46119"
    },
    {
      "name": "CVE-2026-42789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42789"
    },
    {
      "name": "CVE-2026-47639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-47639"
    },
    {
      "name": "CVE-2026-45845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45845"
    },
    {
      "name": "CVE-2026-46124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46124"
    },
    {
      "name": "CVE-2026-46082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46082"
    },
    {
      "name": "CVE-2026-45464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45464"
    },
    {
      "name": "CVE-2026-46065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46065"
    },
    {
      "name": "CVE-2026-46227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46227"
    },
    {
      "name": "CVE-2026-47631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-47631"
    },
    {
      "name": "CVE-2026-42496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42496"
    },
    {
      "name": "CVE-2026-46185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46185"
    },
    {
      "name": "CVE-2026-46064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46064"
    },
    {
      "name": "CVE-2026-45988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45988"
    },
    {
      "name": "CVE-2026-46112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46112"
    },
    {
      "name": "CVE-2026-46196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46196"
    },
    {
      "name": "CVE-2026-42790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42790"
    },
    {
      "name": "CVE-2026-46063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46063"
    },
    {
      "name": "CVE-2026-45583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45583"
    },
    {
      "name": "CVE-2026-45500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45500"
    },
    {
      "name": "CVE-2026-39833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-39833"
    },
    {
      "name": "CVE-2026-46233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46233"
    },
    {
      "name": "CVE-2026-45504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45504"
    },
    {
      "name": "CVE-2026-47292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-47292"
    },
    {
      "name": "CVE-2026-46114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46114"
    },
    {
      "name": "CVE-2026-45650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45650"
    },
    {
      "name": "CVE-2026-46080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46080"
    },
    {
      "name": "CVE-2026-46231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46231"
    },
    {
      "name": "CVE-2026-45835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45835"
    },
    {
      "name": "CVE-2026-45996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45996"
    },
    {
      "name": "CVE-2026-46229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46229"
    },
    {
      "name": "CVE-2026-46019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46019"
    },
    {
      "name": "CVE-2026-46173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46173"
    },
    {
      "name": "CVE-2026-46195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46195"
    },
    {
      "name": "CVE-2026-46204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46204"
    },
    {
      "name": "CVE-2026-46214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46214"
    },
    {
      "name": "CVE-2026-45647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45647"
    },
    {
      "name": "CVE-2025-15649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-15649"
    },
    {
      "name": "CVE-2026-48560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-48560"
    },
    {
      "name": "CVE-2026-45502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45502"
    },
    {
      "name": "CVE-2026-46027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46027"
    },
    {
      "name": "CVE-2026-45591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45591"
    },
    {
      "name": "CVE-2026-46040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46040"
    },
    {
      "name": "CVE-2026-46236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46236"
    },
    {
      "name": "CVE-2026-45481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45481"
    },
    {
      "name": "CVE-2026-46113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46113"
    },
    {
      "name": "CVE-2026-46137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46137"
    },
    {
      "name": "CVE-2026-45841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45841"
    },
    {
      "name": "CVE-2026-46072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46072"
    },
    {
      "name": "CVE-2026-46159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46159"
    },
    {
      "name": "CVE-2026-46190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46190"
    },
    {
      "name": "CVE-2026-46142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46142"
    },
    {
      "name": "CVE-2026-47634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-47634"
    },
    {
      "name": "CVE-2026-45468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45468"
    },
    {
      "name": "CVE-2026-50292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-50292"
    },
    {
      "name": "CVE-2026-42835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42835"
    },
    {
      "name": "CVE-2026-46209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46209"
    },
    {
      "name": "CVE-2026-46031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46031"
    },
    {
      "name": "CVE-2026-46186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46186"
    },
    {
      "name": "CVE-2026-46002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46002"
    },
    {
      "name": "CVE-2026-43503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-43503"
    },
    {
      "name": "CVE-2026-46101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46101"
    },
    {
      "name": "CVE-2026-46099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46099"
    },
    {
      "name": "CVE-2026-45989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45989"
    },
    {
      "name": "CVE-2026-46091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46091"
    },
    {
      "name": "CVE-2026-46024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46024"
    },
    {
      "name": "CVE-2026-46106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46106"
    },
    {
      "name": "CVE-2026-46037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46037"
    },
    {
      "name": "CVE-2026-46116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46116"
    },
    {
      "name": "CVE-2026-46083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46083"
    },
    {
      "name": "CVE-2026-46151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46151"
    },
    {
      "name": "CVE-2026-46220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46220"
    },
    {
      "name": "CVE-2026-46127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46127"
    },
    {
      "name": "CVE-2026-46176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46176"
    },
    {
      "name": "CVE-2026-46146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46146"
    },
    {
      "name": "CVE-2026-45836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45836"
    },
    {
      "name": "CVE-2026-46178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46178"
    },
    {
      "name": "CVE-2026-45846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45846"
    },
    {
      "name": "CVE-2026-46133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46133"
    },
    {
      "name": "CVE-2026-46005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46005"
    },
    {
      "name": "CVE-2026-40371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-40371"
    },
    {
      "name": "CVE-2026-46069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46069"
    },
    {
      "name": "CVE-2026-47298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-47298"
    },
    {
      "name": "CVE-2026-46122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46122"
    },
    {
      "name": "CVE-2026-47637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-47637"
    },
    {
      "name": "CVE-2026-46022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46022"
    },
    {
      "name": "CVE-2026-46103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46103"
    },
    {
      "name": "CVE-2026-46226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46226"
    },
    {
      "name": "CVE-2026-46043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46043"
    },
    {
      "name": "CVE-2026-46120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46120"
    },
    {
      "name": "CVE-2026-46198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46198"
    },
    {
      "name": "CVE-2026-49975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-49975"
    },
    {
      "name": "CVE-2026-46189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46189"
    },
    {
      "name": "CVE-2026-46011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46011"
    },
    {
      "name": "CVE-2026-46128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46128"
    },
    {
      "name": "CVE-2026-45503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45503"
    },
    {
      "name": "CVE-2026-46012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46012"
    },
    {
      "name": "CVE-2026-45479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45479"
    },
    {
      "name": "CVE-2026-46197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46197"
    },
    {
      "name": "CVE-2026-45467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45467"
    },
    {
      "name": "CVE-2026-45999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45999"
    },
    {
      "name": "CVE-2026-46180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46180"
    },
    {
      "name": "CVE-2026-46038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46038"
    },
    {
      "name": "CVE-2026-48962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-48962"
    },
    {
      "name": "CVE-2026-46206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46206"
    },
    {
      "name": "CVE-2026-46000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46000"
    },
    {
      "name": "CVE-2026-46234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46234"
    },
    {
      "name": "CVE-2026-46109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46109"
    },
    {
      "name": "CVE-2026-46062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46062"
    },
    {
      "name": "CVE-2026-46108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46108"
    },
    {
      "name": "CVE-2026-46049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46049"
    },
    {
      "name": "CVE-2026-45458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45458"
    },
    {
      "name": "CVE-2026-47640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-47640"
    },
    {
      "name": "CVE-2026-45997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45997"
    },
    {
      "name": "CVE-2026-46070",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46070"
    },
    {
      "name": "CVE-2026-46150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46150"
    },
    {
      "name": "CVE-2026-44819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-44819"
    },
    {
      "name": "CVE-2026-45840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45840"
    },
    {
      "name": "CVE-2026-45484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45484"
    },
    {
      "name": "CVE-2026-46300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46300"
    },
    {
      "name": "CVE-2026-46219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46219"
    },
    {
      "name": "CVE-2026-46172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46172"
    },
    {
      "name": "CVE-2026-45993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45993"
    },
    {
      "name": "CVE-2026-46161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46161"
    },
    {
      "name": "CVE-2026-46026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46026"
    },
    {
      "name": "CVE-2026-45844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45844"
    },
    {
      "name": "CVE-2026-46110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46110"
    },
    {
      "name": "CVE-2026-48562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-48562"
    },
    {
      "name": "CVE-2026-45998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45998"
    },
    {
      "name": "CVE-2026-44821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-44821"
    },
    {
      "name": "CVE-2026-47284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-47284"
    },
    {
      "name": "CVE-2026-46111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46111"
    },
    {
      "name": "CVE-2026-46018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46018"
    },
    {
      "name": "CVE-2026-45991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45991"
    },
    {
      "name": "CVE-2026-46046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46046"
    },
    {
      "name": "CVE-2026-46145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46145"
    },
    {
      "name": "CVE-2026-46156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46156"
    },
    {
      "name": "CVE-2026-45476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45476"
    },
    {
      "name": "CVE-2026-46125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46125"
    },
    {
      "name": "CVE-2026-46152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46152"
    },
    {
      "name": "CVE-2026-45482",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45482"
    },
    {
      "name": "CVE-2026-46075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46075"
    },
    {
      "name": "CVE-2026-46167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46167"
    },
    {
      "name": "CVE-2026-46191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46191"
    },
    {
      "name": "CVE-2026-26142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-26142"
    },
    {
      "name": "CVE-2026-48959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-48959"
    },
    {
      "name": "CVE-2026-33113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33113"
    },
    {
      "name": "CVE-2026-46129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46129"
    },
    {
      "name": "CVE-2026-46006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46006"
    },
    {
      "name": "CVE-2026-49161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-49161"
    },
    {
      "name": "CVE-2026-45843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45843"
    },
    {
      "name": "CVE-2026-46115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46115"
    },
    {
      "name": "CVE-2026-46016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46016"
    },
    {
      "name": "CVE-2026-46015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46015"
    },
    {
      "name": "CVE-2026-45485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45485"
    },
    {
      "name": "CVE-2026-46136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46136"
    },
    {
      "name": "CVE-2026-46068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46068"
    },
    {
      "name": "CVE-2026-46056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46056"
    },
    {
      "name": "CVE-2026-46230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46230"
    },
    {
      "name": "CVE-2026-46138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46138"
    },
    {
      "name": "CVE-2026-46225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46225"
    },
    {
      "name": "CVE-2026-46004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46004"
    },
    {
      "name": "CVE-2026-46086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46086"
    },
    {
      "name": "CVE-2026-46094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46094"
    },
    {
      "name": "CVE-2026-46149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46149"
    },
    {
      "name": "CVE-2026-46208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46208"
    },
    {
      "name": "CVE-2026-45483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45483"
    },
    {
      "name": "CVE-2026-46205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46205"
    },
    {
      "name": "CVE-2026-46218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46218"
    },
    {
      "name": "CVE-2026-45456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45456"
    },
    {
      "name": "CVE-2026-46132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46132"
    },
    {
      "name": "CVE-2026-46160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46160"
    },
    {
      "name": "CVE-2026-46177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46177"
    },
    {
      "name": "CVE-2026-47287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-47287"
    },
    {
      "name": "CVE-2026-46131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46131"
    },
    {
      "name": "CVE-2026-46084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46084"
    },
    {
      "name": "CVE-2026-46079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46079"
    },
    {
      "name": "CVE-2026-45471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45471"
    },
    {
      "name": "CVE-2026-50512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-50512"
    },
    {
      "name": "CVE-2026-45501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45501"
    },
    {
      "name": "CVE-2026-46085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46085"
    },
    {
      "name": "CVE-2026-47638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-47638"
    },
    {
      "name": "CVE-2026-47636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-47636"
    },
    {
      "name": "CVE-2026-46021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46021"
    },
    {
      "name": "CVE-2026-45465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45465"
    },
    {
      "name": "CVE-2026-48569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-48569"
    },
    {
      "name": "CVE-2026-45462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45462"
    },
    {
      "name": "CVE-2026-46107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46107"
    },
    {
      "name": "CVE-2026-46047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46047"
    },
    {
      "name": "CVE-2026-46273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46273"
    },
    {
      "name": "CVE-2026-40376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-40376"
    },
    {
      "name": "CVE-2026-45994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45994"
    },
    {
      "name": "CVE-2026-44824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-44824"
    },
    {
      "name": "CVE-2026-46163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46163"
    },
    {
      "name": "CVE-2026-46164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46164"
    },
    {
      "name": "CVE-2026-45838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45838"
    },
    {
      "name": "CVE-2026-45454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45454"
    },
    {
      "name": "CVE-2026-45453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45453"
    },
    {
      "name": "CVE-2026-46077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46077"
    },
    {
      "name": "CVE-2026-46187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46187"
    },
    {
      "name": "CVE-2026-46168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46168"
    },
    {
      "name": "CVE-2026-45986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45986"
    },
    {
      "name": "CVE-2026-45987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45987"
    },
    {
      "name": "CVE-2026-45644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45644"
    },
    {
      "name": "CVE-2026-46050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46050"
    },
    {
      "name": "CVE-2026-46003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46003"
    },
    {
      "name": "CVE-2026-46009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46009"
    },
    {
      "name": "CVE-2026-46144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46144"
    },
    {
      "name": "CVE-2026-46023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46023"
    },
    {
      "name": "CVE-2026-47641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-47641"
    },
    {
      "name": "CVE-2026-46193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46193"
    },
    {
      "name": "CVE-2026-46033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46033"
    },
    {
      "name": "CVE-2026-46212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46212"
    },
    {
      "name": "CVE-2026-50031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-50031"
    },
    {
      "name": "CVE-2026-45834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45834"
    },
    {
      "name": "CVE-2026-46089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46089"
    },
    {
      "name": "CVE-2026-50511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-50511"
    },
    {
      "name": "CVE-2026-46199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46199"
    },
    {
      "name": "CVE-2026-46123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46123"
    },
    {
      "name": "CVE-2026-46098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46098"
    },
    {
      "name": "CVE-2026-47281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-47281"
    },
    {
      "name": "CVE-2026-46165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46165"
    },
    {
      "name": "CVE-2026-46052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46052"
    },
    {
      "name": "CVE-2026-46053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46053"
    },
    {
      "name": "CVE-2026-45475",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45475"
    },
    {
      "name": "CVE-2026-46238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46238"
    },
    {
      "name": "CVE-2026-46051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46051"
    },
    {
      "name": "CVE-2026-46155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46155"
    },
    {
      "name": "CVE-2026-45839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45839"
    },
    {
      "name": "CVE-2026-46088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46088"
    },
    {
      "name": "CVE-2026-46048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46048"
    },
    {
      "name": "CVE-2026-46102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46102"
    },
    {
      "name": "CVE-2026-46078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46078"
    },
    {
      "name": "CVE-2026-46058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46058"
    }
  ],
  "initial_release_date": "2026-06-10T00:00:00",
  "last_revision_date": "2026-06-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0731",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-06-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46231",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46231"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46018",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46018"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45845",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45845"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46226",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46226"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46088",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46088"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46050",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46050"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46173",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46173"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46062",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46062"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46167",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46167"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46070",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46070"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-47638",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47638"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46132",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46132"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45465",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45465"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46037",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46037"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45454",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45454"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45838",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45838"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46009",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46009"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-48569",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48569"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46185",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46185"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46098",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46098"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46187",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46187"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46026",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46026"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46177",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46177"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46124",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46124"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46005",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46005"
    },
    {
      "published_at": "2026-05-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-42789",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42789"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46150",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46150"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46079",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46079"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46163",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46163"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46137",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46137"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46220",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46220"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46172",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46172"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45840",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45840"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46040",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46040"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46002",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46002"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46138",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46138"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45500",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45500"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-42902",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42902"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46219",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46219"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45835",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45835"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46238",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46238"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45476",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45476"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46015",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46015"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45834",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45834"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46111",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46111"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46212",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46212"
    },
    {
      "published_at": "2026-05-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-39833",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-39833"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46038",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46038"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46024"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46176",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46176"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46196",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46196"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46214",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46214"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46103",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46103"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45462",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45462"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46077",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46077"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46234",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46234"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-47640",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47640"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46131",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46131"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46120",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46120"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-47639",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47639"
    },
    {
      "published_at": "2026-05-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46300",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46300"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45846",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45846"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46043",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46043"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46225",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46225"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-47292",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47292"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46195",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46195"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46191",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46191"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46149",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46149"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45481",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45481"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-48562",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48562"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46193",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46193"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45591",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45591"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-47637",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47637"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45479",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45479"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45583",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45583"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46115",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46115"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46161",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46161"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46027",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46027"
    },
    {
      "published_at": "2026-06-02",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-48959",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48959"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45467",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45467"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45475",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45475"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46133",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46133"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45989",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45989"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-47298",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47298"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46064",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46064"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46046",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46046"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46102",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46102"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45844",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45844"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46006",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46006"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46236",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46236"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45650",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45650"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46065",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46065"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-47636",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47636"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46012",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46012"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46209",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46209"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46136",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46136"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45996",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45996"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46146",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46146"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46094",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46094"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-33113",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33113"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45998",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45998"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46108",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46108"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46101",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46101"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46058",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46058"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45503",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45503"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-44821",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44821"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-42496",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42496"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46085",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46085"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46165",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46165"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-49161",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49161"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46049",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46049"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46031",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46031"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46047",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46047"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-47281",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47281"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46089",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46089"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-47284",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47284"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45468",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45468"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-40371",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40371"
    },
    {
      "published_at": "2026-05-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-48962",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48962"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-49975",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49975"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45483",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45483"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-44824",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44824"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45997",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45997"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46227",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46227"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-47287",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47287"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45987",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45987"
    },
    {
      "published_at": "2026-05-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-42790",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42790"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-26142",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26142"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46129",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46129"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45994",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45994"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45484",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45484"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45647",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45647"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46114",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46114"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46075",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46075"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45842",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45842"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45836",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45836"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45841",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45841"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46230",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46230"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45843",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45843"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46086",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46086"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-47634",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47634"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46000",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46000"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45999",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45999"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46123",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46123"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46205",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46205"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-50511",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50511"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45485",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45485"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-47641",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47641"
    },
    {
      "published_at": "2026-06-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-50292",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50292"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46052",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46052"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46178",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46178"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46068",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46068"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46107",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46107"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46033",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46033"
    },
    {
      "published_at": "2026-06-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46273",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46273"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46160",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46160"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46190",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46190"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46011",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46011"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46113",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46113"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46016",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46016"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46233",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46233"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46199",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46199"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45456",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45456"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-50512",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50512"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46156",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46156"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46145",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46145"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46072",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46072"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46051",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46051"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46164",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46164"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46056",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46056"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46109",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46109"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46204",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46204"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46152",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46152"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46197",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46197"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46189",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46189"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46125",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46125"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46144",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46144"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46078",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46078"
    },
    {
      "published_at": "2026-05-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-43503",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43503"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45464",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45464"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46159",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46159"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45839",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45839"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45502",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45502"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46048",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46048"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46116",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46116"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45471",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45471"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45986",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45986"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45453",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45453"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46019",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46019"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46142",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46142"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45458",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45458"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45482",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45482"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-48560",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48560"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46208",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46208"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45993",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45993"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46229",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46229"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46155",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46155"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46022"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46110",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46110"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45991",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45991"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46003",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46003"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46128",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46128"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46106",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46106"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-42835",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42835"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45988",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45988"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45501",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45501"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46063",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46063"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46168",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46168"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46021"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46091",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46091"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46218",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46218"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46206",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46206"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46119",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46119"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46084",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46084"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46127",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46127"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46186",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46186"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46198",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46198"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46151",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46151"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46082",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46082"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-40376",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40376"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45504",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45504"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46004",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46004"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46083",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46083"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46099",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46099"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-47631",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47631"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46053",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46053"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-44819",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44819"
    },
    {
      "published_at": "2026-06-04",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-50031",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50031"
    },
    {
      "published_at": "2026-05-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-15649",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-15649"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46122",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46122"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46080",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46080"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46023"
    },
    {
      "published_at": "2026-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45644",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45644"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46112",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46112"
    },
    {
      "published_at": "2026-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46069",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46069"
    },
    {
      "published_at": "2026-05-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46180",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46180"
    }
  ]
}

FKIE_CVE-2026-47292

Vulnerability from fkie_nvd - Published: 2026-06-09 17:17 - Updated: 2026-06-09 19:32

Severity

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally.

References

	URL	Tags
	secure@microsoft.com	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47292

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally."
    }
  ],
  "id": "CVE-2026-47292",
  "lastModified": "2026-06-09T19:32:51.440",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2026-06-09T17:17:34.800",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47292"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        },
        {
          "lang": "en",
          "value": "CWE-829"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Primary"
    }
  ]
}

GHSA-5QVV-W9JP-W335

Vulnerability from github – Published: 2026-06-09 18:30 – Updated: 2026-06-09 18:30

Details

Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally.

Severity

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-47292"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-09T17:17:34Z",
    "severity": "HIGH"
  },
  "details": "Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally.",
  "id": "GHSA-5qvv-w9jp-w335",
  "modified": "2026-06-09T18:30:54Z",
  "published": "2026-06-09T18:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47292"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47292"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

MSRC_CVE-2026-47292

Vulnerability from csaf_microsoft - Published: 2026-06-09 07:00 - Updated: 2026-06-09 07:00

Summary

Visual Studio Code MSSQL Extension Remote Code Execution Vulnerability

Severity

Important

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Customer Action: Required. The vulnerability documented by this CVE requires customer action to resolve.

CVE-2026-47292

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-829 - Inclusion of Functionality from Untrusted Control Sphere

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Visual Studio Code - MSSQL Extension 1.123.1 Visual Studio Code - MSSQL Extension		1.123.1

Known affected 1 product

Product	Identifier	Version	Remediation
Visual Studio Code - MSSQL Extension <1.123.1 Visual Studio Code - MSSQL Extension		<1.123.1	Vendor Fix fix

Threats

Impact Elevation of Privilege

Exploit Status Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely

References

7 references

URL	Category
https://msrc.microsoft.com/update-guide/vulnerabi…	self
https://msrc.microsoft.com/csaf/advisories/2026/m…	self
https://www.microsoft.com/en-us/msrc/exploitabili…	external
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/update-guide/vulnerabi…	self
https://msrc.microsoft.com/csaf/advisories/2026/m…	self

Acknowledgments

Bankde Eakasit with <a href="https://www.secure-d.tech/">Secure D Center</a>

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Bankde Eakasit with \u003ca href=\"https://www.secure-d.tech/\"\u003eSecure D Center\u003c/a\u003e"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      },
      {
        "category": "general",
        "text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
        "title": "Customer Action"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2026-47292 Visual Studio Code MSSQL Extension Remote Code Execution Vulnerability - HTML",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47292"
      },
      {
        "category": "self",
        "summary": "CVE-2026-47292 Visual Studio Code MSSQL Extension Remote Code Execution Vulnerability - CSAF",
        "url": "https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-47292.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Exploitability Index",
        "url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Visual Studio Code MSSQL Extension Remote Code Execution Vulnerability",
    "tracking": {
      "current_release_date": "2026-06-09T07:00:00.000Z",
      "generator": {
        "date": "2026-06-09T17:48:01.965Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2026-47292",
      "initial_release_date": "2026-06-09T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-06-09T07:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c1.123.1",
            "product": {
              "name": "Visual Studio Code - MSSQL Extension \u003c1.123.1",
              "product_id": "1"
            }
          },
          {
            "category": "product_version",
            "name": "1.123.1",
            "product": {
              "name": "Visual Studio Code - MSSQL Extension 1.123.1",
              "product_id": "21353"
            }
          }
        ],
        "category": "product_name",
        "name": "Visual Studio Code - MSSQL Extension"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-47292",
      "cwe": {
        "id": "CWE-829",
        "name": "Inclusion of Functionality from Untrusted Control Sphere"
      },
      "notes": [
        {
          "category": "general",
          "text": "Microsoft",
          "title": "Assigning CNA"
        },
        {
          "category": "faq",
          "text": "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.",
          "title": "What privileges could be gained by an attacker who successfully exploited this vulnerability?"
        },
        {
          "category": "faq",
          "text": "The user would have be enticed to open a malicious file in vscode. Users should never open anything that they do not know or trust to be safe.",
          "title": "According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?"
        }
      ],
      "product_status": {
        "fixed": [
          "21353"
        ],
        "known_affected": [
          "1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-47292 Visual Studio Code MSSQL Extension Remote Code Execution Vulnerability - HTML",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47292"
        },
        {
          "category": "self",
          "summary": "CVE-2026-47292 Visual Studio Code MSSQL Extension Remote Code Execution Vulnerability - CSAF",
          "url": "https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-47292.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-09T07:00:00.000Z",
          "details": "1.123.1:Security Update:https://code.visualstudio.com/updates/",
          "product_ids": [
            "1"
          ],
          "url": "https://code.visualstudio.com/updates/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 6.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Elevation of Privilege"
        },
        {
          "category": "exploit_status",
          "details": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely"
        }
      ],
      "title": "Visual Studio Code MSSQL Extension Remote Code Execution Vulnerability"
    }
  ]
}

NCSC-2026-0184

Vulnerability from csaf_ncscnl - Published: 2026-06-09 18:23 - Updated: 2026-06-09 18:23

Summary

Kwetsbaarheden verholpen in Microsoft Developer Tools

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten: Microsoft heeft kwetsbaarheden verholpen in Developer Tools.

Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de categorieën schade, zoals beschreven in de onderstaande tabellen. Met uitzondering van de kwetsbaarheid in .NET core, waarvoor geen voorafgaande authenticatie of gebruikersinteractie nodig is om een Denial-of-Service te veroorzaken, moet voor succesvol misbruik de kwaadwillende lokaal toegang hebben tot het kwetsbare systeem, of het slachtoffer misleiden een malafide broncodebestand te openen en uitvoeren. ``` Visual Studio Code: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-47287 | 6.50 | Manipulatie van gegevens | | CVE-2026-47292 | 7.80 | Verkrijgen van verhoogde rechten | | CVE-2026-40376 | 7.50 | Verkrijgen van verhoogde rechten | | CVE-2026-47281 | 9.60 | Verkrijgen van verhoogde rechten | | CVE-2026-47284 | 6.50 | Toegang tot gevoelige gegevens | | CVE-2026-48569 | 7.10 | Omzeilen van beveiligingsmaatregel | |----------------|------|-------------------------------------| GitHub Copilot and Visual Studio Code: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-45482 | 8.40 | Omzeilen van beveiligingsmaatregel | |----------------|------|-------------------------------------| Microsoft Live Share Canvas SDK: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-45644 | 8.00 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| ASP.NET Core: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-45591 | 7.50 | Denial-of-Service | |----------------|------|-------------------------------------| .NET: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-45490 | 7.80 | Verkrijgen van verhoogde rechten | | CVE-2026-45491 | 6.20 | Manipulatie van gegevens | |----------------|------|-------------------------------------| ```

Oplossingen: Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op: https://portal.msrc.microsoft.com/en-us/security-guidance

Kans: medium

Schade: high

CWE-20: Improper Input Validation

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-23: Relative Path Traversal

CWE-59: Improper Link Resolution Before File Access ('Link Following')

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-94: Improper Control of Generation of Code ('Code Injection')

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE-285: Improper Authorization

CWE-306: Missing Authentication for Critical Function

CWE-400: Uncontrolled Resource Consumption

CWE-522: Insufficiently Protected Credentials

CWE-798: Use of Hard-coded Credentials

CWE-829: Inclusion of Functionality from Untrusted Control Sphere

CWE-862: Missing Authorization

CVE-2026-40376

Improper input validation in Visual Studio Code enables unauthorized attackers to elevate privileges remotely over a network.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / .NET 10.0 installed on Linux		vers:unknown/*
vers:unknown/* Microsoft / .NET 10.0 installed on Mac OS		vers:unknown/*
vers:unknown/* Microsoft / .NET 10.0 installed on Windows		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0 installed on Linux		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0 installed on Mac OS		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0 installed on Windows		vers:unknown/*
vers:unknown/* Microsoft / .NET 9.0 installed on Linux		vers:unknown/*
vers:unknown/* Microsoft / .NET 9.0 installed on Mac OS		vers:unknown/*
vers:unknown/* Microsoft / .NET 9.0 installed on Windows		vers:unknown/*
vers:unknown/* Microsoft / ASP.NET Core 10.0		vers:unknown/*
vers:unknown/* Microsoft / ASP.NET Core 8.0		vers:unknown/*
vers:unknown/* Microsoft / ASP.NET Core 9.0		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Live Share Canvas SDK		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Visual Studio 2026 version 18.6		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension		vers:unknown/*
vers:unknown/* Microsoft / Visual Studio Code		vers:unknown/*
vers:unknown/* Microsoft / Visual Studio Code - MSSQL Extension		vers:unknown/*

CVE-2026-45482

A path traversal vulnerability in GitHub Copilot and Visual Studio Code allows unauthorized local attackers to bypass directory restrictions, compromising security controls.

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / .NET 10.0 installed on Linux		vers:unknown/*
vers:unknown/* Microsoft / .NET 10.0 installed on Mac OS		vers:unknown/*
vers:unknown/* Microsoft / .NET 10.0 installed on Windows		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0 installed on Linux		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0 installed on Mac OS		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0 installed on Windows		vers:unknown/*
vers:unknown/* Microsoft / .NET 9.0 installed on Linux		vers:unknown/*
vers:unknown/* Microsoft / .NET 9.0 installed on Mac OS		vers:unknown/*
vers:unknown/* Microsoft / .NET 9.0 installed on Windows		vers:unknown/*
vers:unknown/* Microsoft / ASP.NET Core 10.0		vers:unknown/*
vers:unknown/* Microsoft / ASP.NET Core 8.0		vers:unknown/*
vers:unknown/* Microsoft / ASP.NET Core 9.0		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Live Share Canvas SDK		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Visual Studio 2026 version 18.6		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension		vers:unknown/*
vers:unknown/* Microsoft / Visual Studio Code		vers:unknown/*
vers:unknown/* Microsoft / Visual Studio Code - MSSQL Extension		vers:unknown/*

CVE-2026-45490

An improper authorization vulnerability in the .NET framework allows an authorized local attacker to escalate their privileges within the system.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / .NET 10.0 installed on Linux		vers:unknown/*
vers:unknown/* Microsoft / .NET 10.0 installed on Mac OS		vers:unknown/*
vers:unknown/* Microsoft / .NET 10.0 installed on Windows		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0 installed on Linux		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0 installed on Mac OS		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0 installed on Windows		vers:unknown/*
vers:unknown/* Microsoft / .NET 9.0 installed on Linux		vers:unknown/*
vers:unknown/* Microsoft / .NET 9.0 installed on Mac OS		vers:unknown/*
vers:unknown/* Microsoft / .NET 9.0 installed on Windows		vers:unknown/*
vers:unknown/* Microsoft / ASP.NET Core 10.0		vers:unknown/*
vers:unknown/* Microsoft / ASP.NET Core 8.0		vers:unknown/*
vers:unknown/* Microsoft / ASP.NET Core 9.0		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Live Share Canvas SDK		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Visual Studio 2026 version 18.6		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension		vers:unknown/*
vers:unknown/* Microsoft / Visual Studio Code		vers:unknown/*
vers:unknown/* Microsoft / Visual Studio Code - MSSQL Extension		vers:unknown/*

CVE-2026-45491

An improper link resolution vulnerability in .NET allows attackers to perform unauthorized local tampering by exploiting link following before file access.

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / .NET 10.0 installed on Linux		vers:unknown/*
vers:unknown/* Microsoft / .NET 10.0 installed on Mac OS		vers:unknown/*
vers:unknown/* Microsoft / .NET 10.0 installed on Windows		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0 installed on Linux		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0 installed on Mac OS		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0 installed on Windows		vers:unknown/*
vers:unknown/* Microsoft / .NET 9.0 installed on Linux		vers:unknown/*
vers:unknown/* Microsoft / .NET 9.0 installed on Mac OS		vers:unknown/*
vers:unknown/* Microsoft / .NET 9.0 installed on Windows		vers:unknown/*
vers:unknown/* Microsoft / ASP.NET Core 10.0		vers:unknown/*
vers:unknown/* Microsoft / ASP.NET Core 8.0		vers:unknown/*
vers:unknown/* Microsoft / ASP.NET Core 9.0		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Live Share Canvas SDK		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Visual Studio 2026 version 18.6		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension		vers:unknown/*
vers:unknown/* Microsoft / Visual Studio Code		vers:unknown/*
vers:unknown/* Microsoft / Visual Studio Code - MSSQL Extension		vers:unknown/*

CVE-2026-45591

An uncontrolled resource consumption vulnerability in ASP.NET Core allows an unauthorized attacker to cause a denial of service over a network by exhausting system resources.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / .NET 10.0 installed on Linux		vers:unknown/*
vers:unknown/* Microsoft / .NET 10.0 installed on Mac OS		vers:unknown/*
vers:unknown/* Microsoft / .NET 10.0 installed on Windows		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0 installed on Linux		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0 installed on Mac OS		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0 installed on Windows		vers:unknown/*
vers:unknown/* Microsoft / .NET 9.0 installed on Linux		vers:unknown/*
vers:unknown/* Microsoft / .NET 9.0 installed on Mac OS		vers:unknown/*
vers:unknown/* Microsoft / .NET 9.0 installed on Windows		vers:unknown/*
vers:unknown/* Microsoft / ASP.NET Core 10.0		vers:unknown/*
vers:unknown/* Microsoft / ASP.NET Core 8.0		vers:unknown/*
vers:unknown/* Microsoft / ASP.NET Core 9.0		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Live Share Canvas SDK		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Visual Studio 2026 version 18.6		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension		vers:unknown/*
vers:unknown/* Microsoft / Visual Studio Code		vers:unknown/*
vers:unknown/* Microsoft / Visual Studio Code - MSSQL Extension		vers:unknown/*

CVE-2026-45644

A cross-site scripting vulnerability in Microsoft Live Share Canvas SDK allows authorized attackers to elevate privileges over a network due to improper input neutralization during web page generation.

8.0 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / .NET 10.0 installed on Linux		vers:unknown/*
vers:unknown/* Microsoft / .NET 10.0 installed on Mac OS		vers:unknown/*
vers:unknown/* Microsoft / .NET 10.0 installed on Windows		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0 installed on Linux		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0 installed on Mac OS		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0 installed on Windows		vers:unknown/*
vers:unknown/* Microsoft / .NET 9.0 installed on Linux		vers:unknown/*
vers:unknown/* Microsoft / .NET 9.0 installed on Mac OS		vers:unknown/*
vers:unknown/* Microsoft / .NET 9.0 installed on Windows		vers:unknown/*
vers:unknown/* Microsoft / ASP.NET Core 10.0		vers:unknown/*
vers:unknown/* Microsoft / ASP.NET Core 8.0		vers:unknown/*
vers:unknown/* Microsoft / ASP.NET Core 9.0		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Live Share Canvas SDK		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Visual Studio 2026 version 18.6		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension		vers:unknown/*
vers:unknown/* Microsoft / Visual Studio Code		vers:unknown/*
vers:unknown/* Microsoft / Visual Studio Code - MSSQL Extension		vers:unknown/*

CVE-2026-47281

Improper input validation in Visual Studio Code enables unauthorized attackers to elevate privileges remotely over a network.

9.6 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE-306 - Missing Authentication for Critical Function

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / .NET 10.0 installed on Linux		vers:unknown/*
vers:unknown/* Microsoft / .NET 10.0 installed on Mac OS		vers:unknown/*
vers:unknown/* Microsoft / .NET 10.0 installed on Windows		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0 installed on Linux		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0 installed on Mac OS		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0 installed on Windows		vers:unknown/*
vers:unknown/* Microsoft / .NET 9.0 installed on Linux		vers:unknown/*
vers:unknown/* Microsoft / .NET 9.0 installed on Mac OS		vers:unknown/*
vers:unknown/* Microsoft / .NET 9.0 installed on Windows		vers:unknown/*
vers:unknown/* Microsoft / ASP.NET Core 10.0		vers:unknown/*
vers:unknown/* Microsoft / ASP.NET Core 8.0		vers:unknown/*
vers:unknown/* Microsoft / ASP.NET Core 9.0		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Live Share Canvas SDK		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Visual Studio 2026 version 18.6		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension		vers:unknown/*
vers:unknown/* Microsoft / Visual Studio Code		vers:unknown/*
vers:unknown/* Microsoft / Visual Studio Code - MSSQL Extension		vers:unknown/*

CVE-2026-47284

A vulnerability in Visual Studio Code allows unauthorized attackers to expose sensitive information over a network, potentially leading to data disclosure.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / .NET 10.0 installed on Linux		vers:unknown/*
vers:unknown/* Microsoft / .NET 10.0 installed on Mac OS		vers:unknown/*
vers:unknown/* Microsoft / .NET 10.0 installed on Windows		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0 installed on Linux		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0 installed on Mac OS		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0 installed on Windows		vers:unknown/*
vers:unknown/* Microsoft / .NET 9.0 installed on Linux		vers:unknown/*
vers:unknown/* Microsoft / .NET 9.0 installed on Mac OS		vers:unknown/*
vers:unknown/* Microsoft / .NET 9.0 installed on Windows		vers:unknown/*
vers:unknown/* Microsoft / ASP.NET Core 10.0		vers:unknown/*
vers:unknown/* Microsoft / ASP.NET Core 8.0		vers:unknown/*
vers:unknown/* Microsoft / ASP.NET Core 9.0		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Live Share Canvas SDK		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Visual Studio 2026 version 18.6		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension		vers:unknown/*
vers:unknown/* Microsoft / Visual Studio Code		vers:unknown/*
vers:unknown/* Microsoft / Visual Studio Code - MSSQL Extension		vers:unknown/*

CVE-2026-47287

A relative path traversal vulnerability in Visual Studio Code enables unauthorized attackers to perform tampering over a network, potentially compromising system integrity.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE-23 - Relative Path Traversal

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / .NET 10.0 installed on Linux		vers:unknown/*
vers:unknown/* Microsoft / .NET 10.0 installed on Mac OS		vers:unknown/*
vers:unknown/* Microsoft / .NET 10.0 installed on Windows		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0 installed on Linux		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0 installed on Mac OS		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0 installed on Windows		vers:unknown/*
vers:unknown/* Microsoft / .NET 9.0 installed on Linux		vers:unknown/*
vers:unknown/* Microsoft / .NET 9.0 installed on Mac OS		vers:unknown/*
vers:unknown/* Microsoft / .NET 9.0 installed on Windows		vers:unknown/*
vers:unknown/* Microsoft / ASP.NET Core 10.0		vers:unknown/*
vers:unknown/* Microsoft / ASP.NET Core 8.0		vers:unknown/*
vers:unknown/* Microsoft / ASP.NET Core 9.0		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Live Share Canvas SDK		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Visual Studio 2026 version 18.6		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension		vers:unknown/*
vers:unknown/* Microsoft / Visual Studio Code		vers:unknown/*
vers:unknown/* Microsoft / Visual Studio Code - MSSQL Extension		vers:unknown/*

CVE-2026-47292

A vulnerability in Visual Studio Code involving inclusion of functionality from an untrusted control sphere allows unauthorized local privilege escalation by attackers.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-829 - Inclusion of Functionality from Untrusted Control Sphere

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / .NET 10.0 installed on Linux		vers:unknown/*
vers:unknown/* Microsoft / .NET 10.0 installed on Mac OS		vers:unknown/*
vers:unknown/* Microsoft / .NET 10.0 installed on Windows		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0 installed on Linux		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0 installed on Mac OS		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0 installed on Windows		vers:unknown/*
vers:unknown/* Microsoft / .NET 9.0 installed on Linux		vers:unknown/*
vers:unknown/* Microsoft / .NET 9.0 installed on Mac OS		vers:unknown/*
vers:unknown/* Microsoft / .NET 9.0 installed on Windows		vers:unknown/*
vers:unknown/* Microsoft / ASP.NET Core 10.0		vers:unknown/*
vers:unknown/* Microsoft / ASP.NET Core 8.0		vers:unknown/*
vers:unknown/* Microsoft / ASP.NET Core 9.0		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Live Share Canvas SDK		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Visual Studio 2026 version 18.6		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension		vers:unknown/*
vers:unknown/* Microsoft / Visual Studio Code		vers:unknown/*
vers:unknown/* Microsoft / Visual Studio Code - MSSQL Extension		vers:unknown/*

CVE-2026-48569

Improper input validation in Visual Studio Code allows a local unauthorized attacker to bypass a security feature, potentially compromising the application's security controls.

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C

CWE-23 - Relative Path Traversal

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / .NET 10.0 installed on Linux		vers:unknown/*
vers:unknown/* Microsoft / .NET 10.0 installed on Mac OS		vers:unknown/*
vers:unknown/* Microsoft / .NET 10.0 installed on Windows		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0 installed on Linux		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0 installed on Mac OS		vers:unknown/*
vers:unknown/* Microsoft / .NET 8.0 installed on Windows		vers:unknown/*
vers:unknown/* Microsoft / .NET 9.0 installed on Linux		vers:unknown/*
vers:unknown/* Microsoft / .NET 9.0 installed on Mac OS		vers:unknown/*
vers:unknown/* Microsoft / .NET 9.0 installed on Windows		vers:unknown/*
vers:unknown/* Microsoft / ASP.NET Core 10.0		vers:unknown/*
vers:unknown/* Microsoft / ASP.NET Core 8.0		vers:unknown/*
vers:unknown/* Microsoft / ASP.NET Core 9.0		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Live Share Canvas SDK		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Visual Studio 2026 version 18.6		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Visual Studio Code CoPilot Chat Extension		vers:unknown/*
vers:unknown/* Microsoft / Visual Studio Code		vers:unknown/*
vers:unknown/* Microsoft / Visual Studio Code - MSSQL Extension		vers:unknown/*

References

11 references

URL	Category
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Microsoft heeft kwetsbaarheden verholpen in Developer Tools.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de categorie\u00ebn schade, zoals beschreven in de onderstaande tabellen.\n\nMet uitzondering van de kwetsbaarheid in .NET core, waarvoor geen voorafgaande authenticatie of gebruikersinteractie nodig is om een Denial-of-Service te veroorzaken, moet voor succesvol misbruik de kwaadwillende lokaal toegang hebben tot het kwetsbare systeem, of het slachtoffer misleiden een malafide broncodebestand te openen en uitvoeren.\n\n```\nVisual Studio Code: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-47287 | 6.50 | Manipulatie van gegevens            | \n| CVE-2026-47292 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-40376 | 7.50 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-47281 | 9.60 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-47284 | 6.50 | Toegang tot gevoelige gegevens      | \n| CVE-2026-48569 | 7.10 | Omzeilen van beveiligingsmaatregel  | \n|----------------|------|-------------------------------------|\n\nGitHub Copilot and Visual Studio Code: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45482 | 8.40 | Omzeilen van beveiligingsmaatregel  | \n|----------------|------|-------------------------------------|\n\nMicrosoft Live Share Canvas SDK: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45644 | 8.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nASP.NET Core: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45591 | 7.50 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n\n.NET: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45490 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-45491 | 6.20 | Manipulatie van gegevens            | \n|----------------|------|-------------------------------------|\n```",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:\n\nhttps://portal.msrc.microsoft.com/en-us/security-guidance",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
        "title": "CWE-22"
      },
      {
        "category": "general",
        "text": "Relative Path Traversal",
        "title": "CWE-23"
      },
      {
        "category": "general",
        "text": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
        "title": "CWE-59"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
        "title": "CWE-79"
      },
      {
        "category": "general",
        "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
        "title": "CWE-94"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information to an Unauthorized Actor",
        "title": "CWE-200"
      },
      {
        "category": "general",
        "text": "Improper Authorization",
        "title": "CWE-285"
      },
      {
        "category": "general",
        "text": "Missing Authentication for Critical Function",
        "title": "CWE-306"
      },
      {
        "category": "general",
        "text": "Uncontrolled Resource Consumption",
        "title": "CWE-400"
      },
      {
        "category": "general",
        "text": "Insufficiently Protected Credentials",
        "title": "CWE-522"
      },
      {
        "category": "general",
        "text": "Use of Hard-coded Credentials",
        "title": "CWE-798"
      },
      {
        "category": "general",
        "text": "Inclusion of Functionality from Untrusted Control Sphere",
        "title": "CWE-829"
      },
      {
        "category": "general",
        "text": "Missing Authorization",
        "title": "CWE-862"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "title": "Kwetsbaarheden verholpen in Microsoft Developer Tools",
    "tracking": {
      "current_release_date": "2026-06-09T18:23:58.044638Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2026-0184",
      "initial_release_date": "2026-06-09T18:23:58.044638Z",
      "revision_history": [
        {
          "date": "2026-06-09T18:23:58.044638Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": ".NET 10.0 installed on Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": ".NET 10.0 installed on Mac OS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": ".NET 10.0 installed on Windows"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-4"
                }
              }
            ],
            "category": "product_name",
            "name": ".NET 8.0"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-5"
                }
              }
            ],
            "category": "product_name",
            "name": ".NET 8.0 installed on Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-6"
                }
              }
            ],
            "category": "product_name",
            "name": ".NET 8.0 installed on Mac OS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-7"
                }
              }
            ],
            "category": "product_name",
            "name": ".NET 8.0 installed on Windows"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-8"
                }
              }
            ],
            "category": "product_name",
            "name": ".NET 9.0 installed on Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-9"
                }
              }
            ],
            "category": "product_name",
            "name": ".NET 9.0 installed on Mac OS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-10"
                }
              }
            ],
            "category": "product_name",
            "name": ".NET 9.0 installed on Windows"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-11"
                }
              }
            ],
            "category": "product_name",
            "name": "ASP.NET Core 10.0"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-12"
                }
              }
            ],
            "category": "product_name",
            "name": "ASP.NET Core 8.0"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-13"
                }
              }
            ],
            "category": "product_name",
            "name": "ASP.NET Core 9.0"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-14"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Live Share Canvas SDK"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-15"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Visual Studio 2026 version 18.6"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-16"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Visual Studio Code CoPilot Chat Extension"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-17"
                }
              }
            ],
            "category": "product_name",
            "name": "Visual Studio Code"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-18"
                }
              }
            ],
            "category": "product_name",
            "name": "Visual Studio Code - MSSQL Extension"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-40376",
      "notes": [
        {
          "category": "description",
          "text": "Improper input validation in Visual Studio Code enables unauthorized attackers to elevate privileges remotely over a network.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-40376 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40376.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2026-40376"
    },
    {
      "cve": "CVE-2026-45482",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        },
        {
          "category": "description",
          "text": "A path traversal vulnerability in GitHub Copilot and Visual Studio Code allows unauthorized local attackers to bypass directory restrictions, compromising security controls.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-45482 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45482.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2026-45482"
    },
    {
      "cve": "CVE-2026-45490",
      "notes": [
        {
          "category": "description",
          "text": "An improper authorization vulnerability in the .NET framework allows an authorized local attacker to escalate their privileges within the system.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-45490 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45490.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2026-45490"
    },
    {
      "cve": "CVE-2026-45491",
      "cwe": {
        "id": "CWE-59",
        "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
          "title": "CWE-59"
        },
        {
          "category": "description",
          "text": "An improper link resolution vulnerability in .NET allows attackers to perform unauthorized local tampering by exploiting link following before file access.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-45491 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45491.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2026-45491"
    },
    {
      "cve": "CVE-2026-45591",
      "notes": [
        {
          "category": "description",
          "text": "An uncontrolled resource consumption vulnerability in ASP.NET Core allows an unauthorized attacker to cause a denial of service over a network by exhausting system resources.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-45591 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45591.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2026-45591"
    },
    {
      "cve": "CVE-2026-45644",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        },
        {
          "category": "description",
          "text": "A cross-site scripting vulnerability in Microsoft Live Share Canvas SDK allows authorized attackers to elevate privileges over a network due to improper input neutralization during web page generation.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-45644 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45644.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2026-45644"
    },
    {
      "cve": "CVE-2026-47281",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Authentication for Critical Function",
          "title": "CWE-306"
        },
        {
          "category": "other",
          "text": "Use of Hard-coded Credentials",
          "title": "CWE-798"
        },
        {
          "category": "other",
          "text": "Missing Authorization",
          "title": "CWE-862"
        },
        {
          "category": "description",
          "text": "Improper input validation in Visual Studio Code enables unauthorized attackers to elevate privileges remotely over a network.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-47281 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-47281.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2026-47281"
    },
    {
      "cve": "CVE-2026-47284",
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability in Visual Studio Code allows unauthorized attackers to expose sensitive information over a network, potentially leading to data disclosure.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-47284 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-47284.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2026-47284"
    },
    {
      "cve": "CVE-2026-47287",
      "cwe": {
        "id": "CWE-23",
        "name": "Relative Path Traversal"
      },
      "notes": [
        {
          "category": "other",
          "text": "Relative Path Traversal",
          "title": "CWE-23"
        },
        {
          "category": "description",
          "text": "A relative path traversal vulnerability in Visual Studio Code enables unauthorized attackers to perform tampering over a network, potentially compromising system integrity.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-47287 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-47287.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2026-47287"
    },
    {
      "cve": "CVE-2026-47292",
      "cwe": {
        "id": "CWE-829",
        "name": "Inclusion of Functionality from Untrusted Control Sphere"
      },
      "notes": [
        {
          "category": "other",
          "text": "Inclusion of Functionality from Untrusted Control Sphere",
          "title": "CWE-829"
        },
        {
          "category": "other",
          "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
          "title": "CWE-94"
        },
        {
          "category": "description",
          "text": "A vulnerability in Visual Studio Code involving inclusion of functionality from an untrusted control sphere allows unauthorized local privilege escalation by attackers.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-47292 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-47292.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2026-47292"
    },
    {
      "cve": "CVE-2026-48569",
      "cwe": {
        "id": "CWE-23",
        "name": "Relative Path Traversal"
      },
      "notes": [
        {
          "category": "other",
          "text": "Relative Path Traversal",
          "title": "CWE-23"
        },
        {
          "category": "description",
          "text": "Improper input validation in Visual Studio Code allows a local unauthorized attacker to bypass a security feature, potentially compromising the application\u0027s security controls.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-48569 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-48569.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2026-48569"
    }
  ]
}

WID-SEC-W-2026-1845

Vulnerability from csaf_certbund - Published: 2026-06-09 22:00 - Updated: 2026-06-09 22:00

Summary

Microsoft DeveloperTools: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Visual Studio Code ist ein Quelltext-Editor von Microsoft. Microsoft ASP.NET (Active Server Pages .NET) ist eine Technologie zum Erstellen dynamischer Webseiten, Webanwendungen und Webservices auf Basis des Microsoft .NET-Frameworks. Microsoft .NET ist ein Software-Framework für die Entwicklung und Ausführung von Anwendungen. Microsoft Visual Studio ist eine integrierte Entwicklungsumgebung (IDE) von Microsoft, die zum Erstellen von Anwendungen für verschiedene Plattformen verwendet wird.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Microsoft Visual Studio Code, Microsoft ASP.NET, Microsoft .NET und Microsoft Visual Studio 2026 ausnutzen, um Administratorrechte zu erlangen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder die Authentifizierung zu umgehen.

Betroffene Betriebssysteme: - Linux - MacOS X - Windows

CVE-2026-40376

Affected products

Known affected 10 products

Product	Identifier	Version
Microsoft Visual Studio Code Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-`	—
Microsoft Visual Studio Code CoPilot Chat Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:copilot_chat_extension`	CoPilot Chat Extension
Microsoft ASP.NET Core 9.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_9.0`	Core 9.0
Microsoft .NET 10.0 Microsoft / .NET	`cpe:/a:microsoft:.net:10.0`	10
Microsoft .NET 9.0 Microsoft / .NET	`cpe:/a:microsoft:.net:9.0`	9
Microsoft Visual Studio 2026 version 18.6 Microsoft / Visual Studio 2026		version 18.6
Microsoft Visual Studio Code - MSSQL Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-_mssql_extension`	- MSSQL Extension
Microsoft ASP.NET Core 10.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_10.0`	Core 10.0
Microsoft .NET 8.0 Microsoft / .NET	`cpe:/a:microsoft:.net:8.0`	8
Microsoft ASP.NET Core 8.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_8.0`	Core 8.0

CVE-2026-45482

Affected products

Known affected 10 products

Product	Identifier	Version
Microsoft Visual Studio Code Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-`	—
Microsoft Visual Studio Code CoPilot Chat Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:copilot_chat_extension`	CoPilot Chat Extension
Microsoft ASP.NET Core 9.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_9.0`	Core 9.0
Microsoft .NET 10.0 Microsoft / .NET	`cpe:/a:microsoft:.net:10.0`	10
Microsoft .NET 9.0 Microsoft / .NET	`cpe:/a:microsoft:.net:9.0`	9
Microsoft Visual Studio 2026 version 18.6 Microsoft / Visual Studio 2026		version 18.6
Microsoft Visual Studio Code - MSSQL Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-_mssql_extension`	- MSSQL Extension
Microsoft ASP.NET Core 10.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_10.0`	Core 10.0
Microsoft .NET 8.0 Microsoft / .NET	`cpe:/a:microsoft:.net:8.0`	8
Microsoft ASP.NET Core 8.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_8.0`	Core 8.0

CVE-2026-45490

Affected products

Known affected 10 products

Product	Identifier	Version
Microsoft Visual Studio Code Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-`	—
Microsoft Visual Studio Code CoPilot Chat Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:copilot_chat_extension`	CoPilot Chat Extension
Microsoft ASP.NET Core 9.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_9.0`	Core 9.0
Microsoft .NET 10.0 Microsoft / .NET	`cpe:/a:microsoft:.net:10.0`	10
Microsoft .NET 9.0 Microsoft / .NET	`cpe:/a:microsoft:.net:9.0`	9
Microsoft Visual Studio 2026 version 18.6 Microsoft / Visual Studio 2026		version 18.6
Microsoft Visual Studio Code - MSSQL Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-_mssql_extension`	- MSSQL Extension
Microsoft ASP.NET Core 10.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_10.0`	Core 10.0
Microsoft .NET 8.0 Microsoft / .NET	`cpe:/a:microsoft:.net:8.0`	8
Microsoft ASP.NET Core 8.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_8.0`	Core 8.0

CVE-2026-45491

Affected products

Known affected 10 products

Product	Identifier	Version
Microsoft Visual Studio Code Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-`	—
Microsoft Visual Studio Code CoPilot Chat Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:copilot_chat_extension`	CoPilot Chat Extension
Microsoft ASP.NET Core 9.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_9.0`	Core 9.0
Microsoft .NET 10.0 Microsoft / .NET	`cpe:/a:microsoft:.net:10.0`	10
Microsoft .NET 9.0 Microsoft / .NET	`cpe:/a:microsoft:.net:9.0`	9
Microsoft Visual Studio 2026 version 18.6 Microsoft / Visual Studio 2026		version 18.6
Microsoft Visual Studio Code - MSSQL Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-_mssql_extension`	- MSSQL Extension
Microsoft ASP.NET Core 10.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_10.0`	Core 10.0
Microsoft .NET 8.0 Microsoft / .NET	`cpe:/a:microsoft:.net:8.0`	8
Microsoft ASP.NET Core 8.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_8.0`	Core 8.0

CVE-2026-45591

Affected products

Known affected 10 products

Product	Identifier	Version
Microsoft Visual Studio Code Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-`	—
Microsoft Visual Studio Code CoPilot Chat Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:copilot_chat_extension`	CoPilot Chat Extension
Microsoft ASP.NET Core 9.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_9.0`	Core 9.0
Microsoft .NET 10.0 Microsoft / .NET	`cpe:/a:microsoft:.net:10.0`	10
Microsoft .NET 9.0 Microsoft / .NET	`cpe:/a:microsoft:.net:9.0`	9
Microsoft Visual Studio 2026 version 18.6 Microsoft / Visual Studio 2026		version 18.6
Microsoft Visual Studio Code - MSSQL Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-_mssql_extension`	- MSSQL Extension
Microsoft ASP.NET Core 10.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_10.0`	Core 10.0
Microsoft .NET 8.0 Microsoft / .NET	`cpe:/a:microsoft:.net:8.0`	8
Microsoft ASP.NET Core 8.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_8.0`	Core 8.0

CVE-2026-45644

Affected products

Known affected 10 products

Product	Identifier	Version
Microsoft Visual Studio Code Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-`	—
Microsoft Visual Studio Code CoPilot Chat Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:copilot_chat_extension`	CoPilot Chat Extension
Microsoft ASP.NET Core 9.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_9.0`	Core 9.0
Microsoft .NET 10.0 Microsoft / .NET	`cpe:/a:microsoft:.net:10.0`	10
Microsoft .NET 9.0 Microsoft / .NET	`cpe:/a:microsoft:.net:9.0`	9
Microsoft Visual Studio 2026 version 18.6 Microsoft / Visual Studio 2026		version 18.6
Microsoft Visual Studio Code - MSSQL Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-_mssql_extension`	- MSSQL Extension
Microsoft ASP.NET Core 10.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_10.0`	Core 10.0
Microsoft .NET 8.0 Microsoft / .NET	`cpe:/a:microsoft:.net:8.0`	8
Microsoft ASP.NET Core 8.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_8.0`	Core 8.0

CVE-2026-47281

Affected products

Known affected 10 products

Product	Identifier	Version
Microsoft Visual Studio Code Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-`	—
Microsoft Visual Studio Code CoPilot Chat Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:copilot_chat_extension`	CoPilot Chat Extension
Microsoft ASP.NET Core 9.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_9.0`	Core 9.0
Microsoft .NET 10.0 Microsoft / .NET	`cpe:/a:microsoft:.net:10.0`	10
Microsoft .NET 9.0 Microsoft / .NET	`cpe:/a:microsoft:.net:9.0`	9
Microsoft Visual Studio 2026 version 18.6 Microsoft / Visual Studio 2026		version 18.6
Microsoft Visual Studio Code - MSSQL Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-_mssql_extension`	- MSSQL Extension
Microsoft ASP.NET Core 10.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_10.0`	Core 10.0
Microsoft .NET 8.0 Microsoft / .NET	`cpe:/a:microsoft:.net:8.0`	8
Microsoft ASP.NET Core 8.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_8.0`	Core 8.0

CVE-2026-47284

Affected products

Known affected 10 products

Product	Identifier	Version
Microsoft Visual Studio Code Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-`	—
Microsoft Visual Studio Code CoPilot Chat Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:copilot_chat_extension`	CoPilot Chat Extension
Microsoft ASP.NET Core 9.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_9.0`	Core 9.0
Microsoft .NET 10.0 Microsoft / .NET	`cpe:/a:microsoft:.net:10.0`	10
Microsoft .NET 9.0 Microsoft / .NET	`cpe:/a:microsoft:.net:9.0`	9
Microsoft Visual Studio 2026 version 18.6 Microsoft / Visual Studio 2026		version 18.6
Microsoft Visual Studio Code - MSSQL Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-_mssql_extension`	- MSSQL Extension
Microsoft ASP.NET Core 10.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_10.0`	Core 10.0
Microsoft .NET 8.0 Microsoft / .NET	`cpe:/a:microsoft:.net:8.0`	8
Microsoft ASP.NET Core 8.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_8.0`	Core 8.0

CVE-2026-47287

Affected products

Known affected 10 products

Product	Identifier	Version
Microsoft Visual Studio Code Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-`	—
Microsoft Visual Studio Code CoPilot Chat Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:copilot_chat_extension`	CoPilot Chat Extension
Microsoft ASP.NET Core 9.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_9.0`	Core 9.0
Microsoft .NET 10.0 Microsoft / .NET	`cpe:/a:microsoft:.net:10.0`	10
Microsoft .NET 9.0 Microsoft / .NET	`cpe:/a:microsoft:.net:9.0`	9
Microsoft Visual Studio 2026 version 18.6 Microsoft / Visual Studio 2026		version 18.6
Microsoft Visual Studio Code - MSSQL Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-_mssql_extension`	- MSSQL Extension
Microsoft ASP.NET Core 10.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_10.0`	Core 10.0
Microsoft .NET 8.0 Microsoft / .NET	`cpe:/a:microsoft:.net:8.0`	8
Microsoft ASP.NET Core 8.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_8.0`	Core 8.0

CVE-2026-47292

Affected products

Known affected 10 products

Product	Identifier	Version
Microsoft Visual Studio Code Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-`	—
Microsoft Visual Studio Code CoPilot Chat Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:copilot_chat_extension`	CoPilot Chat Extension
Microsoft ASP.NET Core 9.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_9.0`	Core 9.0
Microsoft .NET 10.0 Microsoft / .NET	`cpe:/a:microsoft:.net:10.0`	10
Microsoft .NET 9.0 Microsoft / .NET	`cpe:/a:microsoft:.net:9.0`	9
Microsoft Visual Studio 2026 version 18.6 Microsoft / Visual Studio 2026		version 18.6
Microsoft Visual Studio Code - MSSQL Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-_mssql_extension`	- MSSQL Extension
Microsoft ASP.NET Core 10.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_10.0`	Core 10.0
Microsoft .NET 8.0 Microsoft / .NET	`cpe:/a:microsoft:.net:8.0`	8
Microsoft ASP.NET Core 8.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_8.0`	Core 8.0

CVE-2026-48569

Affected products

Known affected 10 products

Product	Identifier	Version
Microsoft Visual Studio Code Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-`	—
Microsoft Visual Studio Code CoPilot Chat Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:copilot_chat_extension`	CoPilot Chat Extension
Microsoft ASP.NET Core 9.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_9.0`	Core 9.0
Microsoft .NET 10.0 Microsoft / .NET	`cpe:/a:microsoft:.net:10.0`	10
Microsoft .NET 9.0 Microsoft / .NET	`cpe:/a:microsoft:.net:9.0`	9
Microsoft Visual Studio 2026 version 18.6 Microsoft / Visual Studio 2026		version 18.6
Microsoft Visual Studio Code - MSSQL Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-_mssql_extension`	- MSSQL Extension
Microsoft ASP.NET Core 10.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_10.0`	Core 10.0
Microsoft .NET 8.0 Microsoft / .NET	`cpe:/a:microsoft:.net:8.0`	8
Microsoft ASP.NET Core 8.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_8.0`	Core 8.0

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://msrc.microsoft.com/update-guide/	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Visual Studio Code ist ein Quelltext-Editor von Microsoft. \r\nMicrosoft ASP.NET (Active Server Pages .NET) ist eine Technologie zum Erstellen dynamischer Webseiten, Webanwendungen und Webservices auf Basis des Microsoft .NET-Frameworks.\r\nMicrosoft .NET ist ein Software-Framework f\u00fcr die Entwicklung und Ausf\u00fchrung von Anwendungen.\r\nMicrosoft Visual Studio ist eine integrierte Entwicklungsumgebung (IDE) von Microsoft, die zum Erstellen von Anwendungen f\u00fcr verschiedene Plattformen verwendet wird.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Microsoft Visual Studio Code, Microsoft ASP.NET, Microsoft .NET und Microsoft Visual Studio 2026 ausnutzen, um Administratorrechte zu erlangen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder die Authentifizierung zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1845 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1845.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1845 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1845"
      },
      {
        "category": "external",
        "summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates",
        "url": "https://msrc.microsoft.com/update-guide/"
      }
    ],
    "source_lang": "en-US",
    "title": "Microsoft DeveloperTools: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-06-09T22:00:00.000+00:00",
      "generator": {
        "date": "2026-06-10T06:20:57.549+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1845",
      "initial_release_date": "2026-06-09T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-06-09T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "10",
                "product": {
                  "name": "Microsoft .NET 10.0",
                  "product_id": "T051615",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:.net:10.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9",
                "product": {
                  "name": "Microsoft .NET 9.0",
                  "product_id": "T051616",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:.net:9.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8",
                "product": {
                  "name": "Microsoft .NET 8.0",
                  "product_id": "T055115",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:.net:8.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": ".NET"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Core 8.0",
                "product": {
                  "name": "Microsoft ASP.NET Core 8.0",
                  "product_id": "T055114",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:asp.net:core_8.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Core 9.0",
                "product": {
                  "name": "Microsoft ASP.NET Core 9.0",
                  "product_id": "T055122",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:asp.net:core_9.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Core 10.0",
                "product": {
                  "name": "Microsoft ASP.NET Core 10.0",
                  "product_id": "T055127",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:asp.net:core_10.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "ASP.NET"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "version 18.6",
                "product": {
                  "name": "Microsoft Visual Studio 2026 version 18.6",
                  "product_id": "T055129"
                }
              }
            ],
            "category": "product_name",
            "name": "Visual Studio 2026"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Microsoft Visual Studio Code",
                "product": {
                  "name": "Microsoft Visual Studio Code",
                  "product_id": "T055113",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:visual_studio_code:-"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "CoPilot Chat Extension",
                "product": {
                  "name": "Microsoft Visual Studio Code CoPilot Chat Extension",
                  "product_id": "T055123",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:visual_studio_code:copilot_chat_extension"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "- MSSQL Extension",
                "product": {
                  "name": "Microsoft Visual Studio Code - MSSQL Extension",
                  "product_id": "T055128",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:visual_studio_code:-_mssql_extension"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Visual Studio Code"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-40376",
      "product_status": {
        "known_affected": [
          "T055113",
          "T055123",
          "T055122",
          "T051615",
          "T051616",
          "T055129",
          "T055128",
          "T055127",
          "T055115",
          "T055114"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-40376"
    },
    {
      "cve": "CVE-2026-45482",
      "product_status": {
        "known_affected": [
          "T055113",
          "T055123",
          "T055122",
          "T051615",
          "T051616",
          "T055129",
          "T055128",
          "T055127",
          "T055115",
          "T055114"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-45482"
    },
    {
      "cve": "CVE-2026-45490",
      "product_status": {
        "known_affected": [
          "T055113",
          "T055123",
          "T055122",
          "T051615",
          "T051616",
          "T055129",
          "T055128",
          "T055127",
          "T055115",
          "T055114"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-45490"
    },
    {
      "cve": "CVE-2026-45491",
      "product_status": {
        "known_affected": [
          "T055113",
          "T055123",
          "T055122",
          "T051615",
          "T051616",
          "T055129",
          "T055128",
          "T055127",
          "T055115",
          "T055114"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-45491"
    },
    {
      "cve": "CVE-2026-45591",
      "product_status": {
        "known_affected": [
          "T055113",
          "T055123",
          "T055122",
          "T051615",
          "T051616",
          "T055129",
          "T055128",
          "T055127",
          "T055115",
          "T055114"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-45591"
    },
    {
      "cve": "CVE-2026-45644",
      "product_status": {
        "known_affected": [
          "T055113",
          "T055123",
          "T055122",
          "T051615",
          "T051616",
          "T055129",
          "T055128",
          "T055127",
          "T055115",
          "T055114"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-45644"
    },
    {
      "cve": "CVE-2026-47281",
      "product_status": {
        "known_affected": [
          "T055113",
          "T055123",
          "T055122",
          "T051615",
          "T051616",
          "T055129",
          "T055128",
          "T055127",
          "T055115",
          "T055114"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-47281"
    },
    {
      "cve": "CVE-2026-47284",
      "product_status": {
        "known_affected": [
          "T055113",
          "T055123",
          "T055122",
          "T051615",
          "T051616",
          "T055129",
          "T055128",
          "T055127",
          "T055115",
          "T055114"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-47284"
    },
    {
      "cve": "CVE-2026-47287",
      "product_status": {
        "known_affected": [
          "T055113",
          "T055123",
          "T055122",
          "T051615",
          "T051616",
          "T055129",
          "T055128",
          "T055127",
          "T055115",
          "T055114"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-47287"
    },
    {
      "cve": "CVE-2026-47292",
      "product_status": {
        "known_affected": [
          "T055113",
          "T055123",
          "T055122",
          "T051615",
          "T051616",
          "T055129",
          "T055128",
          "T055127",
          "T055115",
          "T055114"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-47292"
    },
    {
      "cve": "CVE-2026-48569",
      "product_status": {
        "known_affected": [
          "T055113",
          "T055123",
          "T055122",
          "T051615",
          "T051616",
          "T055129",
          "T055128",
          "T055127",
          "T055115",
          "T055114"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-48569"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-47292 (GCVE-0-2026-47292)

CERTFR-2026-AVI-0731

Solutions

FKIE_CVE-2026-47292

GHSA-5QVV-W9JP-W335

MSRC_CVE-2026-47292

NCSC-2026-0184

WID-SEC-W-2026-1845

Tags

Sightings

Nomenclature