cve 2026 41612

CVE-2026-41612 is an Important-severity information disclosure vulnerability in the Visual Studio Code Live Preview extension, caused by relative path traversal. Microsoft published the advisory on May 12, 2026, and the flaw is fixed in version 0.4.19. While exploitation is considered less likely and the bug is not a remote-code-execution issue, it affects developer tooling that handles local files, project paths, credentials, and internal application context. This vulnerability highlights that modern editors like VS Code are part of the attack surface. WindowsForum.com discussions cover the technical details, the fix, and the broader security implications for developers using VS Code extensions.