VYPR
High severity7.8NVD Advisory· Published May 12, 2026· Updated May 15, 2026

CVE-2026-41611

CVE-2026-41611

Description

Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally.

Affected products

1

Patches

Vulnerability mechanics

References

1

News mentions

2