Description
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
Published: 2026-06-09
Score: 9.6 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Visual Studio Code contains an improper input validation flaw that permits an attacker to elevate their privileges on the system. The weakness involves unauthorized modification, bypassing authentication, and lack of required authorization checks, as indicated by the related weaknesses. The vulnerability could therefore grant an attacker higher privileges than intended, potentially enabling further malicious activity.

Affected Systems

The affected product is Microsoft Visual Studio Code. No specific version information is provided, so all current releases are potentially impacted.

Risk and Exploitability

The issue has a CVSS score of 9.6, indicating critical severity. While there is no EPSS score available, the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker could exploit this over a network connection, though the exact conditions and prerequisites are not detailed in the available data.

Generated by OpenCVE AI on June 9, 2026 at 19:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to the latest Microsoft Visual Studio Code release that contains the fix for CVE-2026-47281
  • Disable or restrict any remote debugging or extension features that allow external input to the vulnerable component
  • Ensure that only authenticated and authorized users have network access to the machine running Visual Studio Code to prevent unauthorized input

Generated by OpenCVE AI on June 9, 2026 at 19:33 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
Title Visual Studio Code Elevation of Privilege Vulnerability
First Time appeared Microsoft
Microsoft visual Studio Code
Weaknesses CWE-306
CWE-798
CWE-862
CPEs cpe:2.3:a:microsoft:visual_studio_code:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft visual Studio Code
References
Metrics cvssV3_1

{'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Visual Studio Code
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-09T21:50:58.460Z

Reserved: 2026-05-18T23:53:33.896Z

Link: CVE-2026-47281

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-09T17:17:33.950

Modified: 2026-06-09T19:32:51.440

Link: CVE-2026-47281

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T22:45:05Z

Weaknesses