Vulnerability-Lookup

WID-SEC-W-2026-1845

Vulnerability from csaf_certbund - Published: 2026-06-09 22:00 - Updated: 2026-06-17 22:00

Summary

Microsoft DeveloperTools: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Visual Studio Code ist ein Quelltext-Editor von Microsoft. Microsoft ASP.NET (Active Server Pages .NET) ist eine Technologie zum Erstellen dynamischer Webseiten, Webanwendungen und Webservices auf Basis des Microsoft .NET-Frameworks. Microsoft .NET ist ein Software-Framework für die Entwicklung und Ausführung von Anwendungen. Microsoft Visual Studio ist eine integrierte Entwicklungsumgebung (IDE) von Microsoft, die zum Erstellen von Anwendungen für verschiedene Plattformen verwendet wird.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Microsoft Visual Studio Code, Microsoft ASP.NET, Microsoft .NET und Microsoft Visual Studio 2026 ausnutzen, um Administratorrechte zu erlangen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder die Authentifizierung zu umgehen.

Betroffene Betriebssysteme: - Linux - MacOS X - Windows

CVE-2026-40376

Affected products

Known affected 14 products

Product	Identifier	Version
Microsoft Visual Studio Code Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-`	—
Microsoft Visual Studio Code CoPilot Chat Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:copilot_chat_extension`	CoPilot Chat Extension
Microsoft ASP.NET Core 9.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_9.0`	Core 9.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Microsoft Visual Studio 2026 version 18.6 Microsoft / Visual Studio 2026		version 18.6
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Microsoft Visual Studio Code - MSSQL Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-_mssql_extension`	- MSSQL Extension
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Microsoft ASP.NET Core 10.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_10.0`	Core 10.0
Microsoft .NET 8.0 Microsoft / .NET	`cpe:/a:microsoft:.net:8.0`	8
Microsoft ASP.NET Core 8.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_8.0`	Core 8.0
Microsoft .NET 10.0 Microsoft / .NET	`cpe:/a:microsoft:.net:10.0`	10
Microsoft .NET 9.0 Microsoft / .NET	`cpe:/a:microsoft:.net:9.0`	9
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—

CVE-2026-45482

Affected products

Known affected 14 products

Product	Identifier	Version
Microsoft Visual Studio Code Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-`	—
Microsoft Visual Studio Code CoPilot Chat Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:copilot_chat_extension`	CoPilot Chat Extension
Microsoft ASP.NET Core 9.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_9.0`	Core 9.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Microsoft Visual Studio 2026 version 18.6 Microsoft / Visual Studio 2026		version 18.6
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Microsoft Visual Studio Code - MSSQL Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-_mssql_extension`	- MSSQL Extension
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Microsoft ASP.NET Core 10.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_10.0`	Core 10.0
Microsoft .NET 8.0 Microsoft / .NET	`cpe:/a:microsoft:.net:8.0`	8
Microsoft ASP.NET Core 8.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_8.0`	Core 8.0
Microsoft .NET 10.0 Microsoft / .NET	`cpe:/a:microsoft:.net:10.0`	10
Microsoft .NET 9.0 Microsoft / .NET	`cpe:/a:microsoft:.net:9.0`	9
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—

CVE-2026-45490

Affected products

Known affected 14 products

Product	Identifier	Version
Microsoft Visual Studio Code Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-`	—
Microsoft Visual Studio Code CoPilot Chat Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:copilot_chat_extension`	CoPilot Chat Extension
Microsoft ASP.NET Core 9.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_9.0`	Core 9.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Microsoft Visual Studio 2026 version 18.6 Microsoft / Visual Studio 2026		version 18.6
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Microsoft Visual Studio Code - MSSQL Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-_mssql_extension`	- MSSQL Extension
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Microsoft ASP.NET Core 10.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_10.0`	Core 10.0
Microsoft .NET 8.0 Microsoft / .NET	`cpe:/a:microsoft:.net:8.0`	8
Microsoft ASP.NET Core 8.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_8.0`	Core 8.0
Microsoft .NET 10.0 Microsoft / .NET	`cpe:/a:microsoft:.net:10.0`	10
Microsoft .NET 9.0 Microsoft / .NET	`cpe:/a:microsoft:.net:9.0`	9
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—

CVE-2026-45491

Affected products

Known affected 14 products

Product	Identifier	Version
Microsoft Visual Studio Code Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-`	—
Microsoft Visual Studio Code CoPilot Chat Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:copilot_chat_extension`	CoPilot Chat Extension
Microsoft ASP.NET Core 9.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_9.0`	Core 9.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Microsoft Visual Studio 2026 version 18.6 Microsoft / Visual Studio 2026		version 18.6
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Microsoft Visual Studio Code - MSSQL Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-_mssql_extension`	- MSSQL Extension
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Microsoft ASP.NET Core 10.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_10.0`	Core 10.0
Microsoft .NET 8.0 Microsoft / .NET	`cpe:/a:microsoft:.net:8.0`	8
Microsoft ASP.NET Core 8.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_8.0`	Core 8.0
Microsoft .NET 10.0 Microsoft / .NET	`cpe:/a:microsoft:.net:10.0`	10
Microsoft .NET 9.0 Microsoft / .NET	`cpe:/a:microsoft:.net:9.0`	9
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—

CVE-2026-45591

Affected products

Known affected 14 products

Product	Identifier	Version
Microsoft Visual Studio Code Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-`	—
Microsoft Visual Studio Code CoPilot Chat Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:copilot_chat_extension`	CoPilot Chat Extension
Microsoft ASP.NET Core 9.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_9.0`	Core 9.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Microsoft Visual Studio 2026 version 18.6 Microsoft / Visual Studio 2026		version 18.6
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Microsoft Visual Studio Code - MSSQL Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-_mssql_extension`	- MSSQL Extension
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Microsoft ASP.NET Core 10.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_10.0`	Core 10.0
Microsoft .NET 8.0 Microsoft / .NET	`cpe:/a:microsoft:.net:8.0`	8
Microsoft ASP.NET Core 8.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_8.0`	Core 8.0
Microsoft .NET 10.0 Microsoft / .NET	`cpe:/a:microsoft:.net:10.0`	10
Microsoft .NET 9.0 Microsoft / .NET	`cpe:/a:microsoft:.net:9.0`	9
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—

CVE-2026-45644

Affected products

Known affected 14 products

Product	Identifier	Version
Microsoft Visual Studio Code Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-`	—
Microsoft Visual Studio Code CoPilot Chat Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:copilot_chat_extension`	CoPilot Chat Extension
Microsoft ASP.NET Core 9.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_9.0`	Core 9.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Microsoft Visual Studio 2026 version 18.6 Microsoft / Visual Studio 2026		version 18.6
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Microsoft Visual Studio Code - MSSQL Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-_mssql_extension`	- MSSQL Extension
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Microsoft ASP.NET Core 10.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_10.0`	Core 10.0
Microsoft .NET 8.0 Microsoft / .NET	`cpe:/a:microsoft:.net:8.0`	8
Microsoft ASP.NET Core 8.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_8.0`	Core 8.0
Microsoft .NET 10.0 Microsoft / .NET	`cpe:/a:microsoft:.net:10.0`	10
Microsoft .NET 9.0 Microsoft / .NET	`cpe:/a:microsoft:.net:9.0`	9
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—

CVE-2026-47281

Affected products

Known affected 14 products

Product	Identifier	Version
Microsoft Visual Studio Code Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-`	—
Microsoft Visual Studio Code CoPilot Chat Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:copilot_chat_extension`	CoPilot Chat Extension
Microsoft ASP.NET Core 9.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_9.0`	Core 9.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Microsoft Visual Studio 2026 version 18.6 Microsoft / Visual Studio 2026		version 18.6
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Microsoft Visual Studio Code - MSSQL Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-_mssql_extension`	- MSSQL Extension
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Microsoft ASP.NET Core 10.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_10.0`	Core 10.0
Microsoft .NET 8.0 Microsoft / .NET	`cpe:/a:microsoft:.net:8.0`	8
Microsoft ASP.NET Core 8.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_8.0`	Core 8.0
Microsoft .NET 10.0 Microsoft / .NET	`cpe:/a:microsoft:.net:10.0`	10
Microsoft .NET 9.0 Microsoft / .NET	`cpe:/a:microsoft:.net:9.0`	9
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—

CVE-2026-47284

Affected products

Known affected 14 products

Product	Identifier	Version
Microsoft Visual Studio Code Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-`	—
Microsoft Visual Studio Code CoPilot Chat Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:copilot_chat_extension`	CoPilot Chat Extension
Microsoft ASP.NET Core 9.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_9.0`	Core 9.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Microsoft Visual Studio 2026 version 18.6 Microsoft / Visual Studio 2026		version 18.6
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Microsoft Visual Studio Code - MSSQL Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-_mssql_extension`	- MSSQL Extension
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Microsoft ASP.NET Core 10.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_10.0`	Core 10.0
Microsoft .NET 8.0 Microsoft / .NET	`cpe:/a:microsoft:.net:8.0`	8
Microsoft ASP.NET Core 8.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_8.0`	Core 8.0
Microsoft .NET 10.0 Microsoft / .NET	`cpe:/a:microsoft:.net:10.0`	10
Microsoft .NET 9.0 Microsoft / .NET	`cpe:/a:microsoft:.net:9.0`	9
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—

CVE-2026-47287

Affected products

Known affected 14 products

Product	Identifier	Version
Microsoft Visual Studio Code Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-`	—
Microsoft Visual Studio Code CoPilot Chat Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:copilot_chat_extension`	CoPilot Chat Extension
Microsoft ASP.NET Core 9.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_9.0`	Core 9.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Microsoft Visual Studio 2026 version 18.6 Microsoft / Visual Studio 2026		version 18.6
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Microsoft Visual Studio Code - MSSQL Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-_mssql_extension`	- MSSQL Extension
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Microsoft ASP.NET Core 10.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_10.0`	Core 10.0
Microsoft .NET 8.0 Microsoft / .NET	`cpe:/a:microsoft:.net:8.0`	8
Microsoft ASP.NET Core 8.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_8.0`	Core 8.0
Microsoft .NET 10.0 Microsoft / .NET	`cpe:/a:microsoft:.net:10.0`	10
Microsoft .NET 9.0 Microsoft / .NET	`cpe:/a:microsoft:.net:9.0`	9
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—

CVE-2026-47292

Affected products

Known affected 14 products

Product	Identifier	Version
Microsoft Visual Studio Code Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-`	—
Microsoft Visual Studio Code CoPilot Chat Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:copilot_chat_extension`	CoPilot Chat Extension
Microsoft ASP.NET Core 9.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_9.0`	Core 9.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Microsoft Visual Studio 2026 version 18.6 Microsoft / Visual Studio 2026		version 18.6
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Microsoft Visual Studio Code - MSSQL Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-_mssql_extension`	- MSSQL Extension
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Microsoft ASP.NET Core 10.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_10.0`	Core 10.0
Microsoft .NET 8.0 Microsoft / .NET	`cpe:/a:microsoft:.net:8.0`	8
Microsoft ASP.NET Core 8.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_8.0`	Core 8.0
Microsoft .NET 10.0 Microsoft / .NET	`cpe:/a:microsoft:.net:10.0`	10
Microsoft .NET 9.0 Microsoft / .NET	`cpe:/a:microsoft:.net:9.0`	9
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—

CVE-2026-48569

Affected products

Known affected 14 products

Product	Identifier	Version
Microsoft Visual Studio Code Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-`	—
Microsoft Visual Studio Code CoPilot Chat Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:copilot_chat_extension`	CoPilot Chat Extension
Microsoft ASP.NET Core 9.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_9.0`	Core 9.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Microsoft Visual Studio 2026 version 18.6 Microsoft / Visual Studio 2026		version 18.6
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Microsoft Visual Studio Code - MSSQL Extension Microsoft / Visual Studio Code	`cpe:/a:microsoft:visual_studio_code:-_mssql_extension`	- MSSQL Extension
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Microsoft ASP.NET Core 10.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_10.0`	Core 10.0
Microsoft .NET 8.0 Microsoft / .NET	`cpe:/a:microsoft:.net:8.0`	8
Microsoft ASP.NET Core 8.0 Microsoft / ASP.NET	`cpe:/a:microsoft:asp.net:core_8.0`	Core 8.0
Microsoft .NET 10.0 Microsoft / .NET	`cpe:/a:microsoft:.net:10.0`	10
Microsoft .NET 9.0 Microsoft / .NET	`cpe:/a:microsoft:.net:9.0`	9
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—

References

27 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://msrc.microsoft.com/update-guide/	external
https://access.redhat.com/errata/RHSA-2026:25110	external
https://access.redhat.com/errata/RHSA-2026:25111	external
https://access.redhat.com/errata/RHSA-2026:25112	external
https://access.redhat.com/errata/RHSA-2026:25113	external
https://access.redhat.com/errata/RHSA-2026:25114	external
https://access.redhat.com/errata/RHSA-2026:25115	external
https://access.redhat.com/errata/RHSA-2026:25222	external
https://errata.build.resf.org/RLSA-2026:25114	external
https://errata.build.resf.org/RLSA-2026:25113	external
https://errata.build.resf.org/RLSA-2026:25110	external
https://linux.oracle.com/errata/ELSA-2026-25113.html	external
https://linux.oracle.com/errata/ELSA-2026-25110.html	external
https://linux.oracle.com/errata/ELSA-2026-25114.html	external
https://ubuntu.com/security/notices/USN-8420-1	external
https://access.redhat.com/errata/RHSA-2026:25220	external
https://access.redhat.com/errata/RHSA-2026:25221	external
https://errata.build.resf.org/RLSA-2026:25111	external
https://errata.build.resf.org/RLSA-2026:25112	external
https://errata.build.resf.org/RLSA-2026:25222	external
https://errata.build.resf.org/RLSA-2026:25220	external
https://errata.build.resf.org/RLSA-2026:25115	external
https://errata.build.resf.org/RLSA-2026:25221	external
https://access.redhat.com/errata/RHSA-2026:26638	external
https://access.redhat.com/errata/RHSA-2026:26994	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Visual Studio Code ist ein Quelltext-Editor von Microsoft. \r\nMicrosoft ASP.NET (Active Server Pages .NET) ist eine Technologie zum Erstellen dynamischer Webseiten, Webanwendungen und Webservices auf Basis des Microsoft .NET-Frameworks.\r\nMicrosoft .NET ist ein Software-Framework f\u00fcr die Entwicklung und Ausf\u00fchrung von Anwendungen.\r\nMicrosoft Visual Studio ist eine integrierte Entwicklungsumgebung (IDE) von Microsoft, die zum Erstellen von Anwendungen f\u00fcr verschiedene Plattformen verwendet wird.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Microsoft Visual Studio Code, Microsoft ASP.NET, Microsoft .NET und Microsoft Visual Studio 2026 ausnutzen, um Administratorrechte zu erlangen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder die Authentifizierung zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1845 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1845.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1845 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1845"
      },
      {
        "category": "external",
        "summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates",
        "url": "https://msrc.microsoft.com/update-guide/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:25110 vom 2026-06-10",
        "url": "https://access.redhat.com/errata/RHSA-2026:25110"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:25111 vom 2026-06-10",
        "url": "https://access.redhat.com/errata/RHSA-2026:25111"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:25112 vom 2026-06-11",
        "url": "https://access.redhat.com/errata/RHSA-2026:25112"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:25113 vom 2026-06-10",
        "url": "https://access.redhat.com/errata/RHSA-2026:25113"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:25114 vom 2026-06-11",
        "url": "https://access.redhat.com/errata/RHSA-2026:25114"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:25115 vom 2026-06-11",
        "url": "https://access.redhat.com/errata/RHSA-2026:25115"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:25222 vom 2026-06-11",
        "url": "https://access.redhat.com/errata/RHSA-2026:25222"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:25114 vom 2026-06-12",
        "url": "https://errata.build.resf.org/RLSA-2026:25114"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:25113 vom 2026-06-12",
        "url": "https://errata.build.resf.org/RLSA-2026:25113"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:25110 vom 2026-06-12",
        "url": "https://errata.build.resf.org/RLSA-2026:25110"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-25113 vom 2026-06-11",
        "url": "https://linux.oracle.com/errata/ELSA-2026-25113.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-25110 vom 2026-06-11",
        "url": "https://linux.oracle.com/errata/ELSA-2026-25110.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-25114 vom 2026-06-12",
        "url": "https://linux.oracle.com/errata/ELSA-2026-25114.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-8420-1 vom 2026-06-11",
        "url": "https://ubuntu.com/security/notices/USN-8420-1"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:25220 vom 2026-06-11",
        "url": "https://access.redhat.com/errata/RHSA-2026:25220"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:25221 vom 2026-06-11",
        "url": "https://access.redhat.com/errata/RHSA-2026:25221"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:25111 vom 2026-06-13",
        "url": "https://errata.build.resf.org/RLSA-2026:25111"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:25112 vom 2026-06-13",
        "url": "https://errata.build.resf.org/RLSA-2026:25112"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:25222 vom 2026-06-13",
        "url": "https://errata.build.resf.org/RLSA-2026:25222"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:25220 vom 2026-06-13",
        "url": "https://errata.build.resf.org/RLSA-2026:25220"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:25115 vom 2026-06-13",
        "url": "https://errata.build.resf.org/RLSA-2026:25115"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:25221 vom 2026-06-13",
        "url": "https://errata.build.resf.org/RLSA-2026:25221"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:26638 vom 2026-06-17",
        "url": "https://access.redhat.com/errata/RHSA-2026:26638"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:26994 vom 2026-06-18",
        "url": "https://access.redhat.com/errata/RHSA-2026:26994"
      }
    ],
    "source_lang": "en-US",
    "title": "Microsoft DeveloperTools: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-06-17T22:00:00.000+00:00",
      "generator": {
        "date": "2026-06-18T08:31:57.564+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1845",
      "initial_release_date": "2026-06-09T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-06-09T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-06-10T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-06-11T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat, Rocky Enterprise Software Foundation, Oracle Linux und Ubuntu aufgenommen"
        },
        {
          "date": "2026-06-14T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
        },
        {
          "date": "2026-06-17T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "5"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "10",
                "product": {
                  "name": "Microsoft .NET 10.0",
                  "product_id": "T051615",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:.net:10.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9",
                "product": {
                  "name": "Microsoft .NET 9.0",
                  "product_id": "T051616",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:.net:9.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8",
                "product": {
                  "name": "Microsoft .NET 8.0",
                  "product_id": "T055115",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:.net:8.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": ".NET"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Core 8.0",
                "product": {
                  "name": "Microsoft ASP.NET Core 8.0",
                  "product_id": "T055114",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:asp.net:core_8.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Core 9.0",
                "product": {
                  "name": "Microsoft ASP.NET Core 9.0",
                  "product_id": "T055122",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:asp.net:core_9.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Core 10.0",
                "product": {
                  "name": "Microsoft ASP.NET Core 10.0",
                  "product_id": "T055127",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:asp.net:core_10.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "ASP.NET"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "version 18.6",
                "product": {
                  "name": "Microsoft Visual Studio 2026 version 18.6",
                  "product_id": "T055129"
                }
              }
            ],
            "category": "product_name",
            "name": "Visual Studio 2026"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Microsoft Visual Studio Code",
                "product": {
                  "name": "Microsoft Visual Studio Code",
                  "product_id": "T055113",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:visual_studio_code:-"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "CoPilot Chat Extension",
                "product": {
                  "name": "Microsoft Visual Studio Code CoPilot Chat Extension",
                  "product_id": "T055123",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:visual_studio_code:copilot_chat_extension"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "- MSSQL Extension",
                "product": {
                  "name": "Microsoft Visual Studio Code - MSSQL Extension",
                  "product_id": "T055128",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:visual_studio_code:-_mssql_extension"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Visual Studio Code"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-40376",
      "product_status": {
        "known_affected": [
          "T055113",
          "T055123",
          "T055122",
          "67646",
          "T055129",
          "T004914",
          "T055128",
          "T032255",
          "T055127",
          "T055115",
          "T055114",
          "T051615",
          "T051616",
          "T000126"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-40376"
    },
    {
      "cve": "CVE-2026-45482",
      "product_status": {
        "known_affected": [
          "T055113",
          "T055123",
          "T055122",
          "67646",
          "T055129",
          "T004914",
          "T055128",
          "T032255",
          "T055127",
          "T055115",
          "T055114",
          "T051615",
          "T051616",
          "T000126"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-45482"
    },
    {
      "cve": "CVE-2026-45490",
      "product_status": {
        "known_affected": [
          "T055113",
          "T055123",
          "T055122",
          "67646",
          "T055129",
          "T004914",
          "T055128",
          "T032255",
          "T055127",
          "T055115",
          "T055114",
          "T051615",
          "T051616",
          "T000126"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-45490"
    },
    {
      "cve": "CVE-2026-45491",
      "product_status": {
        "known_affected": [
          "T055113",
          "T055123",
          "T055122",
          "67646",
          "T055129",
          "T004914",
          "T055128",
          "T032255",
          "T055127",
          "T055115",
          "T055114",
          "T051615",
          "T051616",
          "T000126"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-45491"
    },
    {
      "cve": "CVE-2026-45591",
      "product_status": {
        "known_affected": [
          "T055113",
          "T055123",
          "T055122",
          "67646",
          "T055129",
          "T004914",
          "T055128",
          "T032255",
          "T055127",
          "T055115",
          "T055114",
          "T051615",
          "T051616",
          "T000126"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-45591"
    },
    {
      "cve": "CVE-2026-45644",
      "product_status": {
        "known_affected": [
          "T055113",
          "T055123",
          "T055122",
          "67646",
          "T055129",
          "T004914",
          "T055128",
          "T032255",
          "T055127",
          "T055115",
          "T055114",
          "T051615",
          "T051616",
          "T000126"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-45644"
    },
    {
      "cve": "CVE-2026-47281",
      "product_status": {
        "known_affected": [
          "T055113",
          "T055123",
          "T055122",
          "67646",
          "T055129",
          "T004914",
          "T055128",
          "T032255",
          "T055127",
          "T055115",
          "T055114",
          "T051615",
          "T051616",
          "T000126"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-47281"
    },
    {
      "cve": "CVE-2026-47284",
      "product_status": {
        "known_affected": [
          "T055113",
          "T055123",
          "T055122",
          "67646",
          "T055129",
          "T004914",
          "T055128",
          "T032255",
          "T055127",
          "T055115",
          "T055114",
          "T051615",
          "T051616",
          "T000126"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-47284"
    },
    {
      "cve": "CVE-2026-47287",
      "product_status": {
        "known_affected": [
          "T055113",
          "T055123",
          "T055122",
          "67646",
          "T055129",
          "T004914",
          "T055128",
          "T032255",
          "T055127",
          "T055115",
          "T055114",
          "T051615",
          "T051616",
          "T000126"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-47287"
    },
    {
      "cve": "CVE-2026-47292",
      "product_status": {
        "known_affected": [
          "T055113",
          "T055123",
          "T055122",
          "67646",
          "T055129",
          "T004914",
          "T055128",
          "T032255",
          "T055127",
          "T055115",
          "T055114",
          "T051615",
          "T051616",
          "T000126"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-47292"
    },
    {
      "cve": "CVE-2026-48569",
      "product_status": {
        "known_affected": [
          "T055113",
          "T055123",
          "T055122",
          "67646",
          "T055129",
          "T004914",
          "T055128",
          "T032255",
          "T055127",
          "T055115",
          "T055114",
          "T051615",
          "T051616",
          "T000126"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-48569"
    }
  ]
}

CVE-2026-48569 (GCVE-0-2026-48569)

Vulnerability from cvelistv5 – Published: 2026-06-09 17:05 – Updated: 2026-06-19 20:29

Title

Visual Studio Code Security Feature Bypass Vulnerability

Summary

Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

Severity

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-20 - Improper Input Validation
CWE-23 - Relative Path Traversal

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

1 product

Vendor	Product	Version
Microsoft	Visual Studio Code	Affected: 1.0.0 , < 1.123.2 (custom)

Date Public

2026-06-09 14:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-48569",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-09T17:50:13.759971Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-09T17:50:22.946Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Visual Studio Code",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "1.123.2",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_code:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.123.2",
                  "versionStartIncluding": "1.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-06-09T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en-US",
              "type": "CWE"
            },
            {
              "cweId": "CWE-23",
              "description": "CWE-23: Relative Path Traversal",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-19T20:29:07.270Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Code Security Feature Bypass Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48569"
        }
      ],
      "title": "Visual Studio Code Security Feature Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-48569",
    "datePublished": "2026-06-09T17:05:53.588Z",
    "dateReserved": "2026-05-21T20:00:35.245Z",
    "dateUpdated": "2026-06-19T20:29:07.270Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-1845

CVE-2026-48569 (GCVE-0-2026-48569)

Tags

Sightings

Nomenclature