7.1
CVE-2026-48569
- EPSS 0.35%
- Veröffentlicht 09.06.2026 17:17:45
- Zuletzt bearbeitet 12.06.2026 16:57:37
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
Visual Studio Code Security Feature Bypass Vulnerability
Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Visual Studio Code Version >= 1.0.0 < 1.123.2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.35% | 0.268 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
| secure@microsoft.com | 7.1 | 1.8 | 4.7 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-23 Relative Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48569