Primary

Context

Visual Studio Code Relative Path Traversal Vulnerability Allowing Information Disclosure

Vulnerability

Patched

A relative path traversal vulnerability has been identified in Visual Studio Code. This issue allows an unauthorized attacker to disclose local information by exploiting the vulnerability to gain unauthorized access to the file system, specifically file path information. The vulnerability arises from improper validation of file paths, which could be manipulated to traverse directories and access restricted files.

Impact

Exploitation of this vulnerability could lead to unauthorized information disclosure, allowing attackers to access sensitive file system data.

Remediation

Users are advised to update to the latest version of the Visual Studio Code Live Preview extension, available on the Visual Studio Marketplace.

Added: May 12, 2026, 7:16 PM

Updated: May 12, 2026, 7:16 PM

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

0.6

exploitability

4.2

remediation

7.7

relevance

8.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

0.6

exploitability

4.2

remediation

7.7

relevance

8.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Visual Studio Code Relative Path Traversal Vulnerability Allowing Information Disclosure

Vulnerability

Impact

Remediation

Affected Products

Microsoft Visual Studio Code

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating