cve-2026-47281

CVE-2026-47281 is a Microsoft Visual Studio Code elevation-of-privilege vulnerability disclosed on June 9, 2026. Rated Important, it allows an unauthenticated network attacker to gain SYSTEM privileges if a user opens a malicious .code-workspace file in VS Code. The vulnerability highlights the security challenges around workspaces, extensions, and local files in modern development tools. While it is a developer-tool bug, the potential impact extends to enterprise IT environments where VS Code is widely used. Discussions on WindowsForum cover the technical details, the awkwardness of the security model, and the broader implications for organizations relying on VS Code as a privileged command center.