Improper Input Validation in Visual Studio Code by Microsoft
CVE-2026-40376

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Visual Studio Code
Vendor: CVE Published:; 9 June 2026

What is CVE-2026-40376?

An improper input validation flaw in Visual Studio Code enables unauthorized attackers to escalate their privileges over a network. This vulnerability can potentially allow malicious actors to gain elevated access to resources that are otherwise restricted, posing significant risks to system security and integrity. Users are encouraged to implement patches and updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

Visual Studio Code 1.0.0 < 1.123.2

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2026
Vulnerability Reserved
Apr 11, 2026

CVE-2026-40376 Data

JSON