Description
Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
Published: 2026-06-09
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Improper input validation in Visual Studio Code can allow an unauthorized local attacker to bypass a security feature, potentially granting access to restricted capabilities or modifying application behavior. This vulnerability maps to CWE-20 and CWE-23, indicating fundamental weaknesses in input handling and path traversal that can be exploited when user input is not properly sanitized.

Affected Systems

The affected product is Microsoft Visual Studio Code. Version details are not disclosed in the current advisory, so all released builds may be susceptible until an official patch is issued.

Risk and Exploitability

The CVSS score of 7.1 denotes high severity, although the EPSS score is unavailable and the vulnerability is not listed in the CISA KEV catalog, indicating no known widespread exploitation. Based on the description, the likely attack vector is local, requiring the attacker to have user access on the target machine. While remote exploitation is not documented, local privilege escalation or abuse of the bypass could still pose a significant risk to affected users.

Generated by OpenCVE AI on June 9, 2026 at 20:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the most recent Visual Studio Code update that resolves CVE-2026-48569.
  • If an update is not yet available, restrict access to the affected functionality by disabling related extensions or disabling the security feature via configuration.
  • Follow secure coding practices by validating all paths and inputs before use.

Generated by OpenCVE AI on June 9, 2026 at 20:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
Title Visual Studio Code Security Feature Bypass Vulnerability
First Time appeared Microsoft
Microsoft visual Studio Code
Weaknesses CWE-20
CWE-23
CPEs cpe:2.3:a:microsoft:visual_studio_code:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft visual Studio Code
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Visual Studio Code
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-10T17:55:20.752Z

Reserved: 2026-05-21T20:00:35.245Z

Link: CVE-2026-48569

cve-icon Vulnrichment

Updated: 2026-06-09T17:50:17.912Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-09T17:17:45.527

Modified: 2026-06-09T19:32:51.440

Link: CVE-2026-48569

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T00:45:17Z

Weaknesses