Jun 2026: Visual Studio Code Security Feature Bypass Vulnerability
CVE-2026-48569 Published on June 9, 2026
Visual Studio Code Security Feature Bypass Vulnerability
Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
Weakness Types
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Relative Path Traversal
The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.
Products Associated with CVE-2026-48569
Want to know whenever a new CVE is published for Microsoft Visual Studio Code? stack.watch will email you.
Affected Versions
Microsoft Visual Studio Code:- Version 1.0.0 and below 1.119.1 is affected.