CVE-2025-26631
published 2025-03-11CVE-2025-26631: Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally.
high7.3CVSS 3.1
AVLACLPRLUIRSUCHIHAH
Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | visual_studio_code | < 1.98.0 | 1.98.0 |
| microsoft | visual_studio_code | >= 1.0.0 < 1.98.0 | 1.98.0 |
| msrc | visual_studio_code | — | — |