CVE-2026-48569

Published: Jun 9, 2026Modified: Jun 12, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

Affected (1)

Products: Microsoft: Visual Studio Code

1 product

Visual Studio Code

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Visual Studio Code	From 1.0.0 to 1.123.2

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

References (1)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48569

Source: secure@microsoft.com

Vendor Advisory

Timeline

No history available yet.