CVE-2026-45496: Visual Studio Code Security Feature Bypass Vulnerability

Overview

Severity
Medium (CVSS 5.5)
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Category
Security Feature Bypass
Exploit Status
Not Exploited
Exploitation Likelihood
Less Likely
Patch Tuesday
2026-Jul
Released
2026-07-14
EPSS Score
0.45% (percentile: 36.6%)

Description

Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

FAQ

What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Visual Studio Code sensitive file protections.

Affected Products (1)

Developer Tools

  • Visual Studio Code

Security Updates (1)

Acknowledgments

<a href="https://www.linkedin.com/in/tarek-nakkouch/">Tarek Nakkouch</a>, <a href="https://github.com/samer666569">陳宥升 (CheN..)</a>

Revision History

  • 2026-07-14: Information published.