{ "document" : { "aggregate_severity" : { "text" : "hoch" }, "category" : "csaf_base", "csaf_version" : "2.0", "distribution" : { "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "de-DE", "notes" : [ { "category" : "legal_disclaimer", "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen." }, { "category" : "description", "text" : "Visual Studio Code ist ein Quelltext-Editor von Microsoft. \r\nMicrosoft ASP.NET (Active Server Pages .NET) ist eine Technologie zum Erstellen dynamischer Webseiten, Webanwendungen und Webservices auf Basis des Microsoft .NET-Frameworks.\r\nMicrosoft .NET ist ein Software-Framework für die Entwicklung und Ausführung von Anwendungen.\r\nMicrosoft Visual Studio ist eine integrierte Entwicklungsumgebung (IDE) von Microsoft, die zum Erstellen von Anwendungen für verschiedene Plattformen verwendet wird.", "title" : "Produktbeschreibung" }, { "category" : "summary", "text" : "Ein Angreifer kann mehrere Schwachstellen in Microsoft Visual Studio Code, Microsoft ASP.NET, Microsoft .NET und Microsoft Visual Studio 2026 ausnutzen, um Administratorrechte zu erlangen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder die Authentifizierung zu umgehen.", "title" : "Angriff" }, { "category" : "general", "text" : "- Linux\n- MacOS X\n- Windows", "title" : "Betroffene Betriebssysteme" } ], "publisher" : { "category" : "other", "contact_details" : "csaf-provider@cert-bund.de", "name" : "Bundesamt für Sicherheit in der Informationstechnik", "namespace" : "https://www.bsi.bund.de" }, "references" : [ { "category" : "self", "summary" : "WID-SEC-W-2026-1845 - CSAF Version", "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1845.json" }, { "category" : "self", "summary" : "WID-SEC-2026-1845 - Portal Version", "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1845" }, { "category" : "external", "summary" : "Microsoft Leitfaden für Sicherheitsupdates", "url" : "https://msrc.microsoft.com/update-guide/" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:25110 vom 2026-06-10", "url" : "https://access.redhat.com/errata/RHSA-2026:25110" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:25111 vom 2026-06-10", "url" : "https://access.redhat.com/errata/RHSA-2026:25111" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:25112 vom 2026-06-11", "url" : "https://access.redhat.com/errata/RHSA-2026:25112" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:25113 vom 2026-06-10", "url" : "https://access.redhat.com/errata/RHSA-2026:25113" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:25114 vom 2026-06-11", "url" : "https://access.redhat.com/errata/RHSA-2026:25114" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:25115 vom 2026-06-11", "url" : "https://access.redhat.com/errata/RHSA-2026:25115" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:25222 vom 2026-06-11", "url" : "https://access.redhat.com/errata/RHSA-2026:25222" }, { "category" : "external", "summary" : "Rocky Linux Security Advisory RLSA-2026:25114 vom 2026-06-12", "url" : "https://errata.build.resf.org/RLSA-2026:25114" }, { "category" : "external", "summary" : "Rocky Linux Security Advisory RLSA-2026:25113 vom 2026-06-12", "url" : "https://errata.build.resf.org/RLSA-2026:25113" }, { "category" : "external", "summary" : "Rocky Linux Security Advisory RLSA-2026:25110 vom 2026-06-12", "url" : "https://errata.build.resf.org/RLSA-2026:25110" }, { "category" : "external", "summary" : "Oracle Linux Security Advisory ELSA-2026-25113 vom 2026-06-11", "url" : "https://linux.oracle.com/errata/ELSA-2026-25113.html" }, { "category" : "external", "summary" : "Oracle Linux Security Advisory ELSA-2026-25110 vom 2026-06-11", "url" : "https://linux.oracle.com/errata/ELSA-2026-25110.html" }, { "category" : "external", "summary" : "Oracle Linux Security Advisory ELSA-2026-25114 vom 2026-06-12", "url" : "https://linux.oracle.com/errata/ELSA-2026-25114.html" }, { "category" : "external", "summary" : "Ubuntu Security Notice USN-8420-1 vom 2026-06-11", "url" : "https://ubuntu.com/security/notices/USN-8420-1" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:25220 vom 2026-06-11", "url" : "https://access.redhat.com/errata/RHSA-2026:25220" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:25221 vom 2026-06-11", "url" : "https://access.redhat.com/errata/RHSA-2026:25221" }, { "category" : "external", "summary" : "Rocky Linux Security Advisory RLSA-2026:25111 vom 2026-06-13", "url" : "https://errata.build.resf.org/RLSA-2026:25111" }, { "category" : "external", "summary" : "Rocky Linux Security Advisory RLSA-2026:25112 vom 2026-06-13", "url" : "https://errata.build.resf.org/RLSA-2026:25112" }, { "category" : "external", "summary" : "Rocky Linux Security Advisory RLSA-2026:25222 vom 2026-06-13", "url" : "https://errata.build.resf.org/RLSA-2026:25222" }, { "category" : "external", "summary" : "Rocky Linux Security Advisory RLSA-2026:25220 vom 2026-06-13", "url" : "https://errata.build.resf.org/RLSA-2026:25220" }, { "category" : "external", "summary" : "Rocky Linux Security Advisory RLSA-2026:25115 vom 2026-06-13", "url" : "https://errata.build.resf.org/RLSA-2026:25115" }, { "category" : "external", "summary" : "Rocky Linux Security Advisory RLSA-2026:25221 vom 2026-06-13", "url" : "https://errata.build.resf.org/RLSA-2026:25221" } ], "source_lang" : "en-US", "title" : "Microsoft DeveloperTools: Mehrere Schwachstellen", "tracking" : { "current_release_date" : "2026-06-14T22:00:00.000+00:00", "generator" : { "date" : "2026-06-15T07:40:26.364+00:00", "engine" : { "name" : "BSI-WID", "version" : "1.6.0" } }, "id" : "WID-SEC-W-2026-1845", "initial_release_date" : "2026-06-09T22:00:00.000+00:00", "revision_history" : [ { "date" : "2026-06-09T22:00:00.000+00:00", "number" : "1", "summary" : "Initiale Fassung" }, { "date" : "2026-06-10T22:00:00.000+00:00", "number" : "2", "summary" : "Neue Updates von Red Hat aufgenommen" }, { "date" : "2026-06-11T22:00:00.000+00:00", "number" : "3", "summary" : "Neue Updates von Red Hat, Rocky Enterprise Software Foundation, Oracle Linux und Ubuntu aufgenommen" }, { "date" : "2026-06-14T22:00:00.000+00:00", "number" : "4", "summary" : "Neue Updates von Rocky Enterprise Software Foundation aufgenommen" } ], "status" : "final", "version" : "4" } }, "product_tree" : { "branches" : [ { "branches" : [ { "branches" : [ { "category" : "product_version", "name" : "10", "product" : { "name" : "Microsoft .NET 10.0", "product_id" : "T051615", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:.net:10.0" } } }, { "category" : "product_version", "name" : "9", "product" : { "name" : "Microsoft .NET 9.0", "product_id" : "T051616", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:.net:9.0" } } }, { "category" : "product_version", "name" : "8", "product" : { "name" : "Microsoft .NET 8.0", "product_id" : "T055115", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:.net:8.0" } } } ], "category" : "product_name", "name" : ".NET" }, { "branches" : [ { "category" : "product_version", "name" : "Core 8.0", "product" : { "name" : "Microsoft ASP.NET Core 8.0", "product_id" : "T055114", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:asp.net:core_8.0" } } }, { "category" : "product_version", "name" : "Core 9.0", "product" : { "name" : "Microsoft ASP.NET Core 9.0", "product_id" : "T055122", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:asp.net:core_9.0" } } }, { "category" : "product_version", "name" : "Core 10.0", "product" : { "name" : "Microsoft ASP.NET Core 10.0", "product_id" : "T055127", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:asp.net:core_10.0" } } } ], "category" : "product_name", "name" : "ASP.NET" }, { "branches" : [ { "category" : "product_version_range", "name" : "version 18.6", "product" : { "name" : "Microsoft Visual Studio 2026 version 18.6", "product_id" : "T055129" } } ], "category" : "product_name", "name" : "Visual Studio 2026" }, { "branches" : [ { "category" : "product_name", "name" : "Microsoft Visual Studio Code", "product" : { "name" : "Microsoft Visual Studio Code", "product_id" : "T055113", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:visual_studio_code:-" } } }, { "category" : "product_version", "name" : "CoPilot Chat Extension", "product" : { "name" : "Microsoft Visual Studio Code CoPilot Chat Extension", "product_id" : "T055123", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:visual_studio_code:copilot_chat_extension" } } }, { "category" : "product_version", "name" : "- MSSQL Extension", "product" : { "name" : "Microsoft Visual Studio Code - MSSQL Extension", "product_id" : "T055128", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:visual_studio_code:-_mssql_extension" } } } ], "category" : "product_name", "name" : "Visual Studio Code" } ], "category" : "vendor", "name" : "Microsoft" }, { "branches" : [ { "category" : "product_name", "name" : "Oracle Linux", "product" : { "name" : "Oracle Linux", "product_id" : "T004914", "product_identification_helper" : { "cpe" : "cpe:/o:oracle:linux:-" } } } ], "category" : "vendor", "name" : "Oracle" }, { "branches" : [ { "category" : "product_name", "name" : "RESF Rocky Linux", "product" : { "name" : "RESF Rocky Linux", "product_id" : "T032255", "product_identification_helper" : { "cpe" : "cpe:/o:resf:rocky_linux:-" } } } ], "category" : "vendor", "name" : "RESF" }, { "branches" : [ { "category" : "product_name", "name" : "Red Hat Enterprise Linux", "product" : { "name" : "Red Hat Enterprise Linux", "product_id" : "67646", "product_identification_helper" : { "cpe" : "cpe:/o:redhat:enterprise_linux:-" } } } ], "category" : "vendor", "name" : "Red Hat" }, { "branches" : [ { "category" : "product_name", "name" : "Ubuntu Linux", "product" : { "name" : "Ubuntu Linux", "product_id" : "T000126", "product_identification_helper" : { "cpe" : "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category" : "vendor", "name" : "Ubuntu" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2026-40376", "product_status" : { "known_affected" : [ "T055113", "T055123", "T055122", "67646", "T055129", "T004914", "T055128", "T032255", "T055127", "T055115", "T055114", "T051615", "T051616", "T000126" ] }, "release_date" : "2026-06-09T22:00:00.000+00:00", "title" : "CVE-2026-40376" }, { "cve" : "CVE-2026-45482", "product_status" : { "known_affected" : [ "T055113", "T055123", "T055122", "67646", "T055129", "T004914", "T055128", "T032255", "T055127", "T055115", "T055114", "T051615", "T051616", "T000126" ] }, "release_date" : "2026-06-09T22:00:00.000+00:00", "title" : "CVE-2026-45482" }, { "cve" : "CVE-2026-45490", "product_status" : { "known_affected" : [ "T055113", "T055123", "T055122", "67646", "T055129", "T004914", "T055128", "T032255", "T055127", "T055115", "T055114", "T051615", "T051616", "T000126" ] }, "release_date" : "2026-06-09T22:00:00.000+00:00", "title" : "CVE-2026-45490" }, { "cve" : "CVE-2026-45491", "product_status" : { "known_affected" : [ "T055113", "T055123", "T055122", "67646", "T055129", "T004914", "T055128", "T032255", "T055127", "T055115", "T055114", "T051615", "T051616", "T000126" ] }, "release_date" : "2026-06-09T22:00:00.000+00:00", "title" : "CVE-2026-45491" }, { "cve" : "CVE-2026-45591", "product_status" : { "known_affected" : [ "T055113", "T055123", "T055122", "67646", "T055129", "T004914", "T055128", "T032255", "T055127", "T055115", "T055114", "T051615", "T051616", "T000126" ] }, "release_date" : "2026-06-09T22:00:00.000+00:00", "title" : "CVE-2026-45591" }, { "cve" : "CVE-2026-45644", "product_status" : { "known_affected" : [ "T055113", "T055123", "T055122", "67646", "T055129", "T004914", "T055128", "T032255", "T055127", "T055115", "T055114", "T051615", "T051616", "T000126" ] }, "release_date" : "2026-06-09T22:00:00.000+00:00", "title" : "CVE-2026-45644" }, { "cve" : "CVE-2026-47281", "product_status" : { "known_affected" : [ "T055113", "T055123", "T055122", "67646", "T055129", "T004914", "T055128", "T032255", "T055127", "T055115", "T055114", "T051615", "T051616", "T000126" ] }, "release_date" : "2026-06-09T22:00:00.000+00:00", "title" : "CVE-2026-47281" }, { "cve" : "CVE-2026-47284", "product_status" : { "known_affected" : [ "T055113", "T055123", "T055122", "67646", "T055129", "T004914", "T055128", "T032255", "T055127", "T055115", "T055114", "T051615", "T051616", "T000126" ] }, "release_date" : "2026-06-09T22:00:00.000+00:00", "title" : "CVE-2026-47284" }, { "cve" : "CVE-2026-47287", "product_status" : { "known_affected" : [ "T055113", "T055123", "T055122", "67646", "T055129", "T004914", "T055128", "T032255", "T055127", "T055115", "T055114", "T051615", "T051616", "T000126" ] }, "release_date" : "2026-06-09T22:00:00.000+00:00", "title" : "CVE-2026-47287" }, { "cve" : "CVE-2026-47292", "product_status" : { "known_affected" : [ "T055113", "T055123", "T055122", "67646", "T055129", "T004914", "T055128", "T032255", "T055127", "T055115", "T055114", "T051615", "T051616", "T000126" ] }, "release_date" : "2026-06-09T22:00:00.000+00:00", "title" : "CVE-2026-47292" }, { "cve" : "CVE-2026-48569", "product_status" : { "known_affected" : [ "T055113", "T055123", "T055122", "67646", "T055129", "T004914", "T055128", "T032255", "T055127", "T055115", "T055114", "T051615", "T051616", "T000126" ] }, "release_date" : "2026-06-09T22:00:00.000+00:00", "title" : "CVE-2026-48569" } ] }