Visual Studio Code

CVEs (7)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2026-47281	Microsoft Visual Studio Code	Cri	0.62	9.6	—	Jun 9, 2026	Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-45482	Microsoft Visual Studio Code	Hig	0.55	8.4	—	Jun 9, 2026	Improper limitation of a pathname to a restricted directory ('path traversal') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-47292	Microsoft Visual Studio Code	Hig	0.51	7.8	—	Jun 9, 2026	Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally.
CVE-2026-40376	Microsoft Visual Studio Code	Hig	0.49	7.5	—	Jun 9, 2026	Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-48569	Microsoft Visual Studio Code	Hig	0.46	7.1	—	Jun 9, 2026	Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-47287	Microsoft Visual Studio Code	Med	0.42	6.5	—	Jun 9, 2026	Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network.
CVE-2026-47284	Microsoft Visual Studio Code	Med	0.42	6.5	—	Jun 9, 2026	Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network.

CVE-2026-47281CriJun 9, 2026
Microsoft
Visual Studio Code
risk 0.62cvss 9.6epss —
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-45482HigJun 9, 2026
Microsoft
Visual Studio Code
risk 0.55cvss 8.4epss —
Improper limitation of a pathname to a restricted directory ('path traversal') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-47292HigJun 9, 2026
Microsoft
Visual Studio Code
risk 0.51cvss 7.8epss —
Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally.
CVE-2026-40376HigJun 9, 2026
Microsoft
Visual Studio Code
risk 0.49cvss 7.5epss —
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-48569HigJun 9, 2026
Microsoft
Visual Studio Code
risk 0.46cvss 7.1epss —
Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-47287MedJun 9, 2026
Microsoft
Visual Studio Code
risk 0.42cvss 6.5epss —
Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network.
CVE-2026-47284MedJun 9, 2026
Microsoft
Visual Studio Code
risk 0.42cvss 6.5epss —
Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network.