8.1
CVE-2026-40376
- EPSS 0.67%
- Veröffentlicht 09.06.2026 17:17:06
- Zuletzt bearbeitet 11.06.2026 18:56:11
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
Visual Studio Code Elevation of Privilege Vulnerability
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Visual Studio Code Version >= 1.0.0 < 1.123.2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.67% | 0.472 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| secure@microsoft.com | 7.5 | 1.6 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40376