{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/visual-studio-code/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-41611"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Visual Studio Code"],"_cs_severities":["high"],"_cs_tags":["cve","xss","visual-studio-code","html-injection"],"_cs_type":"advisory","_cs_vendors":["Microsoft"],"content_html":"\u003cp\u003eCVE-2026-41611 describes a cross-site scripting (XSS) vulnerability affecting Visual Studio Code. The vulnerability stems from the improper neutralization of script-related HTML tags within a web page rendered by the application. This allows an attacker to inject malicious scripts that can be executed locally within the context of the user\u0026rsquo;s Visual Studio Code instance. Successful exploitation could lead to information disclosure, modification of VS Code settings, or potentially even arbitrary code execution depending on the privileges of the user.\nDefenders should apply the appropriate patches released by Microsoft to remediate this vulnerability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious HTML page containing script-related HTML tags (e.g., \u003ccode\u003e\u0026lt;script\u0026gt;\u003c/code\u003e, \u003ccode\u003e\u0026lt;svg onload\u0026gt;\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe attacker entices a user to open the malicious HTML page within Visual Studio Code or a component rendering HTML within VS Code.\u003c/li\u003e\n\u003cli\u003eVisual Studio Code improperly neutralizes the script-related HTML tags.\u003c/li\u003e\n\u003cli\u003eThe injected script executes within the context of the Visual Studio Code application.\u003c/li\u003e\n\u003cli\u003eThe attacker gains the ability to read sensitive information, such as environment variables, file contents, or VS Code settings.\u003c/li\u003e\n\u003cli\u003eThe attacker modifies VS Code settings to further compromise the system or gain persistence.\u003c/li\u003e\n\u003cli\u003eThe attacker executes arbitrary code within the VS Code process.\u003c/li\u003e\n\u003cli\u003eThe attacker escalates privileges or compromises other systems on the network, depending on the user\u0026rsquo;s permissions and network configuration.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-41611 can lead to local code execution within the context of the Visual Studio Code application. This can result in the theft of sensitive information, modification of VS Code settings, and potentially complete system compromise depending on the privileges of the user.\nThe number of potential victims is dependent on the adoption rate of Visual Studio Code.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch released by Microsoft to remediate CVE-2026-41611, as referenced in the \u003ca href=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41611\"\u003eMicrosoft advisory\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule to detect suspicious process execution originating from Visual Studio Code to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eEducate users about the dangers of opening untrusted HTML files within Visual Studio Code.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-12T18:52:47Z","date_published":"2026-05-12T18:52:47Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-41611-xss/","summary":"CVE-2026-41611 is a cross-site scripting (XSS) vulnerability in Visual Studio Code that allows an attacker to execute code locally due to improper neutralization of script-related HTML tags.","title":"CVE-2026-41611: Visual Studio Code XSS Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-41611-xss/"}],"language":"en","title":"CraftedSignal Threat Feed — Visual-Studio-Code","version":"https://jsonfeed.org/version/1.1"}