You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2026 41613
About this tag
CVE-2026-41613 is an Important-rated elevation-of-privilege vulnerability in Visual Studio Code, fixed in version 1.119.1. Microsoft attributed the issue to session fixation and command-injection weaknesses that could be exploited over a network after user interaction. The vulnerability is particularly concerning for developer workstations, which often hold cloud identities, source code, secrets, and internal automation. While the bug itself is not unusual, its impact on privileged development environments makes it a significant security concern. Users are advised to update VS Code to version 1.119.1 or later to mitigate the risk.
Microsoft disclosed CVE-2026-41613 on May 12, 2026, as an Important-rated Visual Studio Code elevation-of-privilege vulnerability fixed in VS Code 1.119.1, with Microsoft attributing the issue to session fixation and command-injection weaknesses that could be abused over a network after user...