63 matches found
CVE-2026-21523
CVE-2026-21523 is a time-of-check time-of-use (TOCTOU) race condition impacting GitHub Copilot and Visual Studio. An authorized attacker could execute code over a network. The issued CVSS 3.1 score is 8.0 (HIGH) with Network attack vector, Low attack complexity, Privileges Required: Low, User I...
CVE-2026-41613
CVE-2026-41613 involves session fixation in Visual Studio Code that allows an unauthorized attacker to elevate privileges over a network. The connected sources corroborate the affected product as Visual Studio Code and describe the impact as privilege elevation via network access. The available d...
CVE-2026-47292
CVE-2026-47292 concerns a vulnerability in the Visual Studio Code MSSQL Extension where inclusion of functionality from an untrusted control sphere allows an attacker to escalate privileges locally. The connected documents confirm the affected product (Visual Studio Code MSSQL Extension) and the ...
CVE-2018-0597
CVE-2018-0597 is an untrusted search path vulnerability in the Visual Studio Code installer. A malicious DLL located in the same directory as the installer can be loaded, enabling arbitrary code execution with the privileges of the invoking user. Affected component: the VS Code installer; root ca...
CVE-2026-41611
Technical details about CVE-2026-41611 are not provided in the supplied documents. No specifics on affected versions, root cause, or remediation are included. Monitor for updates from official sources.
CVE-2026-41610
Technical details about CVE-2026-41610 are not publicly available in the provided documents. Monitor for updates from official sources (e.g., vendor advisories, CVE records) for affected products, remediation steps, or confirmed exploit information.
CVE-2026-41109
Technical details are not publicly available in the provided documents; monitor for updates.
CVE-2025-62453
CVE-2025-62453 affects GitHub Copilot and Visual Studio Code due to improper validation of generative AI output, enabling an authorized local attacker to bypass a security feature. Multiple sources corroborate a security feature bypass vulnerability in Visual Studio Code and Copilot Chat, with im...
CVE-2026-47287
CVE-2026-47287 affects Visual Studio Code. The provided documents describe a relative path traversal vulnerability that could allow tampering over a network. Per CVSS data, the attack vector is NETWORK with no privileges required but user interaction is required, and the impact includes high inte...
CVE-2026-40376
CVE-2026-40376 affects Visual Studio Code. The root cause is improper input validation, enabling an unauthorized network-based user to elevate privileges. The CVSS v3.1 base score is 7.5 (HIGH) with NETWORK attack vector, high impact on confidentiality, integrity, and availability; user interacti...
CVE-2026-45482
CVE-2026-45482 affects GitHub Copilot and Visual Studio Code (Copilot Chat extension): improper limitation of a pathname to a restricted directory enables a local attacker to bypass a security feature. Root cause is a path traversal issue in handling file paths. Impact is described as high for co...
CVE-2026-47284
Technical details about CVE-2026-47284 are not publicly available in the provided documents. No affected product versions, root cause, or remediation are specified. Monitor for updates.
CVE-2026-48569
CVE-2026-48569 affects Visual Studio Code. It is caused by improper input validation in the editor, enabling a local attacker to bypass a security feature. CVSSv3.1: LOCAL attack vector, HIGH impact on confidentiality, LOW on integrity, NONE on availability; user interaction required. Details in ...