CVE-2026-41611
published 2026-05-12CVE-2026-41611: Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally.
low3.3CVSS 3.1
AVLACLPRNUIRSUCLINAN
Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | visual_studio_code | < 1.119.1 | 1.119.1 |
| microsoft | visual_studio_code | >= 1.0.0 < 1.119.1 | 1.119.1 |