VYPR
High severity8.0NVD Advisory· Published May 13, 2025· Updated Jun 17, 2026

CVE-2025-26646

CVE-2025-26646

Description

External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
Microsoft.Build.Tasks.CoreNuGet
>= 15.8.166, < 15.9.3015.9.30
Microsoft.Build.Tasks.CoreNuGet
>= 16.0.461, < 16.11.616.11.6
Microsoft.Build.Tasks.CoreNuGet
>= 17.0.0, < 17.8.2917.8.29
Microsoft.Build.Tasks.CoreNuGet
>= 17.9.5, < 17.10.2917.10.29
Microsoft.Build.Tasks.CoreNuGet
>= 17.11.4, < 17.12.3617.12.36
Microsoft.Build.Tasks.CoreNuGet
>= 17.12.6, < 17.13.2617.13.26
Microsoft.Build.Tasks.CoreNuGet
>= 17.13.9, < 17.14.817.14.8

Affected products

82

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.