Visual Studio 2026 version 18.7.4 released



 Visual Studio 2026 release notes:

Released on July 14, 2026.

Top bug fixes​
From the community​
Updated MinGit to version 2.54.0.2
C++ IntelliSense in v145 flags unresolved includes and false syntax errorsFeedback ticket


Security advisories addressed​
CVE​
Description​
.NET Elevation of Privilege VulnerabilityCVE-2026-47300An elevation of privilege vulnerability exists in the ASP.NET Core Negotiate authentication handler where the LdapAdapter does not properly validate LDAP queries, allowing an authenticated attacker to bypass authorization checks.
.NET Elevation of Privilege VulnerabilityCVE-2026-47303An elevation of privilege vulnerability exists in the ASP.NET Core Negotiate authentication handler where the LdapAdapter confuses CN and sAMAccountName identifiers, allowing an authenticated attacker to impersonate another user.
.NET Denial of Service VulnerabilityCVE-2026-47302A denial of service vulnerability exists in .NET XML processing where EncryptedXml handling and duplicate-attribute parsing in XmlTextReader cause uncontrolled resource consumption.
.NET Security Feature Bypass VulnerabilityCVE-2026-47304A security feature bypass vulnerability exists in the .NET XML encryption implementation (System.Security.Cryptography.Xml), allowing an attacker to forge XML signatures via an empty HMAC and bypass signature protections.
.NET Denial of Service VulnerabilityCVE-2026-50524A denial of service vulnerability exists in .NET where malformed TLS packets during the System.Net.Security SslStream handshake cause the application to crash or become unresponsive.
.NET Security Feature Bypass VulnerabilityCVE-2026-50528A security feature bypass vulnerability exists in .NET where the System.Net.Security SslStream implementation ignores channel binding, allowing an attacker to bypass authorization checks during secure communication.
.NET Denial of Service VulnerabilityCVE-2026-50525A denial of service vulnerability exists in the .NET XML encryption implementation (System.Security.Cryptography.Xml) where a crafted XML transform chain causes uncontrolled resource consumption.
.NET Denial of Service VulnerabilityCVE-2026-50648A denial of service vulnerability exists in the .NET XML encryption implementation (System.Security.Cryptography.Xml) where crafted encrypted XML causes uncontrolled resource consumption.
.NET Denial of Service VulnerabilityCVE-2026-50527A denial of service vulnerability exists in the .NET XML encryption implementation (System.Security.Cryptography.Xml) where improperly validated input leads to a stack-based buffer overflow.
.NET Tampering VulnerabilityCVE-2026-50526A tampering vulnerability exists in the .NET SDK container image build process where a predictable, world-writable cache location allows a local attacker to inject malicious blobs into container images built by other users on the same machine.
.NET Denial of Service VulnerabilityCVE-2026-50651A denial of service vulnerability exists in .NET where an attacker can flood SocketsHttpHandler HTTP/2 connections with SETTINGS and PING ACK frames, causing an out-of-memory condition in Http2Connection.
.NET Spoofing VulnerabilityCVE-2026-50659A spoofing vulnerability exists in the .NET SMTP client (System.Net.Mail) where SMTP command smuggling via CRLF sequences split across buffers allows injection of arbitrary email commands.
.NET Remote Code Execution VulnerabilityCVE-2026-50646A remote code execution vulnerability exists in Windows Presentation Foundation (WPF) when parsing specially crafted XAML input, allowing an attacker to execute arbitrary code in the context of the current user.
.NET Remote Code Execution VulnerabilityCVE-2026-50649A remote code execution vulnerability exists in Windows Presentation Foundation (WPF) when parsing specially crafted XAML input, allowing an attacker to execute arbitrary code in the context of the current user.
.NET Elevation of Privilege VulnerabilityCVE-2026-50650An elevation of privilege vulnerability exists in Windows Presentation Foundation (WPF) when parsing specially crafted XAML input, allowing an attacker to elevate privileges on the affected system.
Visual Studio Remote Code Execution VulnerabilityCVE-2026-47305A remote code execution vulnerability exists in Visual Studio where a Mark-of-the-Web (MOTW) bypass allows a crafted .vcxproj InitialTargets or PreBuildEvent to execute project commands when a solution is opened.


 Source:


Downloads:
 
That's weird. I'm getting 18.8.0.


Edit: Aye, tis true.

VS-18.8.0.webp
 
Last edited:

My Computer My Computer

At a glance

I'm off Windows at home.
OS
I'm off Windows at home.
Back
Top Bottom