PT-2026-48026 · Microsoft · Visual Studio Code - Mssql Extension
Published
2026-06-09
·
Updated
2026-06-09
·
CVE-2026-47292
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally.
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Visual Studio Code - Mssql Extension