Flaws in popular VSCode extensions expose developers to attacks

February 17, 2026 04:27 PM

  • Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local files and execute code remotely.
  • The security issues impact Code Runner (CVE-2025-65715), Markdown Preview Enhanced (CVE-2025-65716), Markdown Preview Enhanced (CVE-2025-65717), and Microsoft Live Preview (no identifier assigned).
  • Researchers at application security company Ox Security discovered the flaws and have tried to disclose them since June 2025.
  • However, the researchers say that no maintainer responded.

Remote code execution in IDE

  • VSCode extensions are add-ons that expand the functionality of Microsoft’s integrated development environment (IDE).
  • They can add language support, debugging tools, themes, and other functionality or customization options.

Article Summaries:

  • Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local files and execute code remotely. The security issues impact Code Runner (CVE-2025-65715), Markdown Preview Enhanced (CVE-2025-65716), Markdown Preview Enhanced (CVE-2025-65717), and Microsoft Live Preview (no identifier assigned). Researchers at application security company Ox Security discovered the flaws and have tried to disclose them since June 2025. However, the researchers say that no maintainer re
  • Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code (VS Code) extensions that, if successfully exploited, could allow threat actors to steal local files and execute code remotely. The extensions, which have been collectively installed more than 125 million times, are Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live Preview. “Our research demonstrates that a hacker needs only one malicious extension, or a single vulnerability within one extension, to perform lateral movement and compromise entire organiza
  • Cybersecurity researchers have identified critical vulnerabilities in four widely used Visual Studio Code extensions (Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live Preview), collectively installed over 125 million times. The flaws, rated CVSS 7.8-9.1, allow attackers to exfiltrate local files or execute arbitrary code via malicious websites or crafted markdown files. Three vulnerabilities remain unpatched (CVE-2025-65717, CVE-2025-65716, CVE-2025-65715), while Microsoft silently fixed the Live Preview issue in version 0.4.16. OX Security recommends disabling or uninstalling non-essential extensions, hardening local networks, and keeping extensions up to date to mitigate the risk.

Sources: