CVE-2026-47305 - Visual Studio Remote Code Execution Vulnerability - is a protection mechanism failure in Visual Studio that can lead to remote code execution. Microsoft rates it with a CVSS v3.1 base score of 7.8 (High) and a temporal score of 6.8. The vector is LOCAL, requires no privileges but does require user interaction, and has HIGH confidentiality, integrity, and availability impact. Microsoft reports no public disclosure and no known exploitation, with exploit code maturity UNPROVEN. Because the attack path is local and user interaction is required, enterprise risk is lower than for network-reachable, no-interaction flaws, but it remains significant for systems where users can be induced to run or open affected content in Visual Studio. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation Unlikely; vector context is LOCAL, LOW attack complexity, NO privileges required, and USER INTERACTION REQUIRED. - Severity for enterprise: High severity by CVSS, but real-world enterprise risk is reduced by the local-only vector and required user interaction; this is less urgent than a network-exposed, unauthenticated issue. - Patch status: available; customer action required. Affected systems: - No affected products listed in the source data.