You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve-2026-40376
About this tag
CVE-2026-40376 is an Important-rated Visual Studio Code elevation-of-privilege vulnerability disclosed by Microsoft on June 9, 2026. It involves improper input validation that could allow an unauthorized network attacker to gain the permissions of an MCP Server's managed identity. The vulnerability is fixed in VS Code version 1.119.1. Discussions on WindowsForum highlight that this CVE reflects a broader attack surface emerging around agentic development tools, where VS Code acts as a broker between developers, AI agents, network services, and cloud identities. Users are advised to patch promptly and audit MCP managed identity risks.
Microsoft disclosed CVE-2026-40376 on June 9, 2026, as an Important-rated Visual Studio Code elevation-of-privilege vulnerability fixed in VS Code 1.119.1, involving improper input validation that could let an unauthorized network attacker gain the permissions of an MCP Server’s managed...