CVE-2026-47281

Critical · CVSS 9.6

Visual Studio Code — Improper Input Validation leading to Privilege Escalation (Missing Authentication / Hard-coded Credentials / Missing Authorization)

CVSS: 9.6; nvd
EPSS: 0.39%; 31th pct
KEV: No
Class: other; CWE-306, CWE-798, CWE-862

Description

Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

Search profile — drives PoC discovery

Symbols CWE-306CWE-798CWE-862privilege escalationimproper input validationmissing authenticationhard-coded credentialsmissing authorizationVS Codevscode

Keywords CVE-2026-47281Visual Studio CodeVSCode privilege escalationVSCode missing authenticationVSCode hard-coded credentialsVSCode missing authorizationVSCode network privilege escalationVSCode CWE-306VSCode CWE-798VSCode CWE-862VSCode improper input validationMSRC CVE-2026-47281

Versions: <UNKNOWN>

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47281

Status: enriched · ingested 2026-06-15T18:00:58.000Z · profiled 2026-06-16T18:20:23.035Z