Relative Path Traversal Vulnerability in Visual Studio Code by Microsoft
CVE-2026-41612

5.5MEDIUM

Key Information:

Vendor: Microsoft
Status: Visual Studio Code - Live Preview Extension
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-41612?

A relative path traversal vulnerability in Visual Studio Code permits unauthorized attackers to gain access to sensitive information from the local file system. This issue can lead to potential data leaks and increases the risk of exploitation in environments where Visual Studio Code is utilized, emphasizing the need for urgent remedial actions.

Affected Version(s)

Visual Studio Code - Live Preview extension 0.4.0 < 0.4.19

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Apr 21, 2026

CVE-2026-41612 Data

JSON