CVE-2026-25784

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

I just got mass-mentioned in a GitHub Discussion claiming a "Severe Exploit" in Visual Studio Code.

This is almost certainly a scam / malware attempt. Here’s why:

Suspicious link: https://share.google/(not showing you the actual link) is not an official Microsoft or VS Code domain.
Fake CVE format: CVE-2026-25784-91046 CVEs don’t look like this (should be something like CVE-2026-12345).
Extremely broad affected versions: [1.0.0-1.112.4] real advisories are more specific.
Poor wording: phrases like “produce to” and “customer systems” are not how Microsoft writes security reports.
Newly created account: Created 2 weeks ago, almost no activity.
Mass pinging dozens of developers: classic panic + malware distribution tactic.

The link doesn’t work (tested), but it likely should lead to malicious downloads.

Do NOT download anything from it.

If this were real, Microsoft would announce it via official channels like https://code.visualstudio.com/ or https://msrc.microsoft.com/

Stay safe and double-check before installing "emergency updates".

If you were tagged in a similar post - report it, so we can erase these scams from existence!

Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

CVE-2026-25784

Undefined