CVE-2026-41611

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally.

Fix

XSS

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-80CWE-79CWE-77

Related Identifiers

CVE-2026-41611

Affected Products

Visual Studio Code

CVE-2026-41611

Weakness Enumeration

Related Identifiers

Affected Products

References · 2