cve-2026-47284

CVE-2026-47284 is an Important-severity information disclosure vulnerability in Microsoft Visual Studio Code, disclosed on June 9, 2026. An unauthenticated attacker can exploit it by convincing a user to open a malicious file in VS Code, potentially leaking sensitive data over a network. While not a critical remote code execution flaw, it raises concerns because VS Code is a credential-adjacent, extension-rich, cloud-connected development environment. Patching to version 1.123.1 or later is recommended to mitigate the risk. This tag covers discussions about the vulnerability's impact, patching steps, and broader implications for software supply chain security.