CVE-2026-41610
published 2026-05-12CVE-2026-41610: Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security…
medium5CVSS 3.1
AVLACLPRNUIRSCCLILAN
Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | visual_studio_code | < 1.119.1 | 1.119.1 |
| microsoft | visual_studio_code | >= 1.0.0 < 1.119.1 | 1.119.1 |