cve-2026-47287

CVE-2026-47287 is a Microsoft-listed tampering vulnerability in Visual Studio Code, published through the Microsoft Security Response Center on June 9, 2026. This flaw affects the developer toolchain rather than the Windows kernel, posing a risk to source code, secrets, extensions, build tasks, remote workspaces, and AI-assisted development workflows. Discussions on WindowsForum focus on the vulnerability's existence, available technical details, and its implications for the developer supply chain. As a pressure point in the editor many developers use daily, CVE-2026-47287 underscores the importance of securing development environments against tampering risks.