Visual Studio Code

CVEs (3)

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2026-41610	Visual Studio Code Visual Studio Code	Med	0.41	6.3	May 12, 2026	Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-41612	Visual Studio Code Visual Studio Code	Med	0.36	5.5	May 12, 2026	Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.
CVE-2025-65715	Visual Studio Code Visual Studio Code		0.00	—	Feb 16, 2026	An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace.

CVE-2026-41610MedMay 12, 2026
Visual Studio Code
Visual Studio Code
risk 0.41cvss 6.3epss 0.00
Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-41612MedMay 12, 2026
Visual Studio Code
Visual Studio Code
risk 0.36cvss 5.5epss 0.00
Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.
CVE-2025-65715Feb 16, 2026
Visual Studio Code
Visual Studio Code
risk 0.00cvss —epss 0.00
An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace.