Primary

Context

Visual Studio Code Improper Input Validation Vulnerability Allowing Privilege Escalation

Vulnerability

Patched

A vulnerability in Visual Studio Code has been identified, allowing an unauthorized attacker to elevate privileges over a network due to improper input validation. This issue affects Visual Studio Code version 1.119.1.

Impact

Exploitation of this vulnerability could allow an attacker to gain the permissions associated with the MCP Server's managed identity, potentially accessing resources that the identity is authorized to reach. However, this does not extend to broader tenant-level or administrator permissions.

Remediation

Users can download the security update for Visual Studio Code from the Visual Studio Code website. For more information, refer to the release notes.

Added: Jun 9, 2026, 8:20 PM

Updated: Jun 9, 2026, 8:20 PM

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

5.0

exploitability

4.2

remediation

7.7

relevance

9.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

5.0

exploitability

4.2

remediation

7.7

relevance

9.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Visual Studio Code Improper Input Validation Vulnerability Allowing Privilege Escalation

Vulnerability

Impact

Remediation

Affected Products

Microsoft Visual Studio Code

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating