Relative Path Traversal in Visual Studio Code by Microsoft
CVE-2026-47287

6.5MEDIUM

Key Information:

Vendor

Microsoft
Status
Visual Studio Code
Vendor
CVE Published:
9 June 2026

What is CVE-2026-47287?

A relative path traversal vulnerability in Visual Studio Code enables attackers to manipulate and tamper with files over a network connection. By exploiting this flaw, unauthorized users can gain access to sensitive resources, posing significant security risks. Users are advised to update their software to mitigate potential threats and safeguard their data.

Affected Version(s)

Visual Studio Code 1.0.0 < 1.123.1

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisorypatch

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.