← Back to Trending
TRENDING
VULNERABILITY
2026-03-30 07:17 UTC
Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks
Trending | Vulnerability
TREND SUMMARY
Cybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX's pre-publish scanning pipeline to cause the tool to allow a malicious Microsoft Visual Studio Code (VS Code) extension to pass the vetting process and go live in the registry. "The pipeline had a single boolean
Overview
Cybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX's pre-publish scanning pipeline to cause the tool to allow a malicious Microsoft Visual Studio Code (VS Code) extension to pass the vetting process and go live in the registry. "The pipeline had a single boolean return value that meant both 'no scanners are configured' and 'all scanners failed to run,'" Koi
Organisations Involved
The following organisations are mentioned in relation to this incident: Bug Let Malicious, Code Extensions Bypass Pre, Microsoft, Microsoft Visual Studio Code, Publish Security Checks
Cybersecurity.
ENTITIES
Microsoft Visual Studio CodeCode Extensions Bypass PreMicrosoft
DEBUG — Testing Information
| AR-ID | 5fda6c73-50c1-4a8e-9e8b-ba24c1f11e7e |
| NEWS-ID | 4685f08c-81ed-4c93-9a67-cf95aa9b96e3 |
| Article type | trending |
| Categories | vulnerability |
| Quality score | 0.9220 |
| Generation timestamp | 2026-03-30 07:17 UTC |
| Publish timestamp | 2026-03-30 07:17 UTC |
| Editor corrections | [{"by": "cn-editor", "note": "passed quality checks", "score": 0.922}] |
ENTITIES:
Microsoft Visual Studio Code
Code Extensions Bypass Pre
Microsoft
EMBEDDING: 384-dim (present)