May 2026: Visual Studio Code Security Feature Bypass Vulnerability
CVE-2026-41610 Published on May 12, 2026
Visual Studio Code Security Feature Bypass Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
Weakness Types
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2026-41610 has been classified to as a XSS vulnerability or weakness.
What is an insecure temporary file Vulnerability?
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
CVE-2026-41610 has been classified to as an insecure temporary file vulnerability or weakness.
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2026-41610 has been classified to as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2026-41610
Want to know whenever a new CVE is published for Microsoft Visual Studio Code? stack.watch will email you.
Affected Versions
Microsoft Visual Studio Code:- Version 1.0.0 and below 1.119.1 is affected.