Microsoft Visual Studio Code
53 CVEs affecting Microsoft Visual Studio Code. Latest disclosed: 2026-05-12. Critical: 0, High: 40.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-41613 | High | 8.8 | 2026-05-12 | Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. |
CVE-2026-41109 | High | 8.8 | 2026-05-12 | Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized a… |
CVE-2026-21518 | High | 8.8 | 2026-02-10 | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to… |
CVE-2025-55319 | High | 8.8 | 2025-09-12 | Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network. |
CVE-2024-43488 | High | 8.8 | 2024-10-08 | Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution th… |
CVE-2024-26165 | High | 8.8 | 2024-03-12 | Visual Studio Code Elevation of Privilege Vulnerability |
CVE-2022-30129 | High | 8.8 | 2022-05-10 | Visual Studio Code Remote Code Execution Vulnerability |
CVE-2022-21991 | High | 8.1 | 2022-02-09 | Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability |
CVE-2026-21523 | High | 8.0 | 2026-02-10 | Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network. |
CVE-2025-64660 | High | 8.0 | 2025-11-20 | Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network. |
CVE-2026-41611 | High | 7.8 | 2026-05-12 | Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally. |
CVE-2023-36742 | High | 7.8 | 2023-09-12 | Visual Studio Code Remote Code Execution Vulnerability |
CVE-2023-24893 | High | 7.8 | 2023-04-11 | Visual Studio Code Remote Code Execution Vulnerability |
CVE-2023-21779 | High | 7.8 | 2023-01-10 | Visual Studio Code Remote Code Execution Vulnerability |
CVE-2022-41034 | High | 7.8 | 2022-10-11 | Visual Studio Code Remote Code Execution Vulnerability |
CVE-2021-43891 | High | 7.8 | 2021-12-15 | Visual Studio Code Remote Code Execution Vulnerability |
CVE-2021-42322 | High | 7.8 | 2021-11-10 | Visual Studio Code Elevation of Privilege Vulnerability |
CVE-2021-34529 | High | 7.8 | 2021-07-14 | Visual Studio Code Remote Code Execution Vulnerability |
CVE-2021-34528 | High | 7.8 | 2021-07-14 | Visual Studio Code Remote Code Execution Vulnerability |
CVE-2021-34479 | High | 7.8 | 2021-07-14 | Microsoft Visual Studio Spoofing Vulnerability |