Visual Studio Code Session Fixation Vulnerability Allowing Privilege Elevation

Vulnerability

A session fixation vulnerability has been identified in Visual Studio Code, allowing unauthorized attackers to elevate privileges over a network. This vulnerability affects Visual Studio Code versions prior to 1.119.1.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege elevation, allowing an attacker to gain access to resources and perform actions associated with the compromised managed identity on the MCP Server.

Remediation

Users are advised to update to Visual Studio Code version 1.119.1 or later. The security update is available for download from the Visual Studio Code website.
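To verify the remediation above on a host, the following added example (not part of the original advisory) classifies the output of `code --version` against the fixed release 1.119.1. The function names and the sample values mentioned in the comments are assumptions made for illustration; anything that is not a plain major.minor.patch version is reported as unknown for manual review.

```shell
#!/bin/sh
# Added example: compare an installed Visual Studio Code version with the
# fixed release named in the advisory. Function names are illustrative.

FIXED_VERSION="1.119.1"   # fixed release, taken from the advisory text

# version_ge HAVE NEED: succeed when HAVE >= NEED, comparing the three
# dot-separated fields numerically (so 1.99.3 sorts below 1.119.1).
version_ge() {
    for field in 1 2 3; do
        have=$(printf '%s' "$1" | cut -d. -f"$field")
        need=$(printf '%s' "$2" | cut -d. -f"$field")
        if [ "$have" -gt "$need" ]; then return 0; fi
        if [ "$have" -lt "$need" ]; then return 1; fi
    done
    return 0
}

# classify OUTPUT: print patched, vulnerable or unknown for the text that
# `code --version` printed. Only the first line (the version) is used; the
# commit and architecture lines that follow it are ignored.
classify() {
    ver=$(printf '%s\n' "$1" | sed -n '1p' | tr -d '\r')
    # Anything other than a strict N.N.N version (empty output, suffixed or
    # otherwise unexpected strings) is left for manual review.
    if ! printf '%s\n' "$ver" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'; then
        echo unknown
        return 0
    fi
    if version_ge "$ver" "$FIXED_VERSION"; then
        echo patched
    else
        echo vulnerable
    fi
}

# Check the local installation when the `code` launcher is on PATH.
if command -v code >/dev/null 2>&1; then
    echo "Visual Studio Code: $(classify "$(code --version 2>/dev/null)")"
else
    echo "Visual Studio Code: launcher 'code' not found on PATH"
fi
```

For fleet use, `classify` can be fed version strings collected by an inventory tool instead of calling the local launcher.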

Added: May 12, 2026, 7:16 PM
Updated: May 12, 2026, 7:16 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 10.0
exploitability: 4.2
remediation: 7.7
relevance: 8.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.