Ox Security disclosures of high-severity vulnerabilities in popular VSCode extensions
Security researchers at Ox Security reported multiple high-to-critical vulnerabilities in widely used Visual Studio Code extensions—collectively exceeding 128 million downloads—that could enable local file exfiltration and code execution in developer environments. The issues highlighted include Live Server (CVE-2025-65717), Code Runner (CVE-2025-65715, referenced in reporting but not included as a CVE entry here), Markdown Preview Enhanced (CVE-2025-65716), and Microsoft Live Preview (no CVE cited in the reporting). Ox Security stated it attempted disclosure starting in June 2025 but did not receive responses from maintainers, warning that exploitation could support lateral movement, data theft, and system takeover in corporate networks where developer workstations are a pivot point.
The CVE records included in this set describe two of the extension flaws in more detail: CVE-2025-65717 (Live Server v5.7.9) allows attackers to exfiltrate files when a user interacts with a crafted HTML page, and CVE-2025-65716 (Markdown Preview Enhanced v0.8.18) can lead to arbitrary code execution via a crafted .md file (user interaction required). Other items in the feed are unrelated, covering a broad mix of independent vulnerabilities (e.g., Tenable Security Center command injection, LightLLM unsafe deserialization RCE, libvpx heap overflow affecting Firefox/Thunderbird, and multiple router/IoT hard-coded credential and command-injection issues) and should not be treated as part of the VSCode-extension disclosure story.
Timeline
Feb 18, 2026
ZoneMinder command injection vulnerability was publicly detailed
On Feb. 18, 2026, CVE-2025-65791 was updated with technical details describing a command injection flaw in ZoneMinder v1.36.34's web/views/image.php, where unsanitized input reaches exec(). The record added CVSS scoring, CWE classification, and a public reference, indicating unauthenticated remote exploitation with high impact.
Feb 17, 2026
OX Security publicly reported multiple high-severity VSCode extension flaws
OX Security disclosed multiple high-to-critical vulnerabilities in Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live Preview, warning they could enable file theft, remote code execution, lateral movement, and full system compromise. The report said the issues also affect VSCode-compatible IDEs such as Cursor and Windsurf and impact extensions with more than 128 million combined downloads.
Feb 17, 2026
CVE details were enriched for VSCode extension flaws
On Feb. 17, 2026, the CVE records for CVE-2025-65716 and CVE-2025-65717 were updated with CVSS scoring, CWE classifications, and references to project repositories and third-party research. The updates characterized the flaws as high-severity issues affecting Markdown Preview Enhanced and Live Server.
Feb 16, 2026
MITRE received CVE-2025-65716 and CVE-2025-65717 records
MITRE received CVE records for two Visual Studio Code extension vulnerabilities: CVE-2025-65716 in Markdown Preview Enhanced and CVE-2025-65717 in Live Server. The issues involve arbitrary code execution via a crafted Markdown file and file exfiltration via a crafted HTML page, respectively.
Jun 1, 2025
OX Security began disclosing VSCode extension flaws to maintainers
OX Security said it started responsible disclosure efforts in June 2025 for multiple vulnerabilities affecting popular Visual Studio Code extensions, but reported receiving no response from maintainers.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Vulnerabilities
Organizations
Affected Products
Sources
Related Stories
Critical Vulnerabilities in Popular VS Code Extensions Enable Local File Theft and Code Execution
Security researchers at **OX Security** disclosed multiple vulnerabilities across widely used Microsoft Visual Studio Code extensions—**Live Server**, **Code Runner**, **Markdown Preview Enhanced**, and **Microsoft Live Preview**—with combined installs reported at **125–128 million**. The issues enable attacks ranging from **local file exfiltration** to **arbitrary code/JavaScript execution**, and highlight how a single vulnerable or malicious extension can be leveraged for broader compromise and potential lateral movement in developer environments. Reported flaws include **CVE-2025-65717** (Live Server; CVSS 9.1) enabling local file theft by luring a developer to a malicious site while the extension’s local server is running (e.g., `localhost:5500`), **CVE-2025-65716** (Markdown Preview Enhanced; CVSS 8.8) allowing arbitrary JavaScript execution via a crafted `.md` file with subsequent local port enumeration and exfiltration, and **CVE-2025-65715** (Code Runner; CVSS 7.8) enabling code execution by tricking users into modifying `settings.json`. Separate reporting on **Microsoft Live Preview** describes a **one-click reflected XSS** and unauthenticated request abuse against the extension’s local development server to enumerate and exfiltrate sensitive files (e.g., `.env`, API keys, source code); this Live Preview issue was reported as patched in version **0.4.16** via input sanitization (e.g., an `escapeHTML` function), while other extension issues were described as **unpatched** at the time of reporting.
1 months ago
OpenCode AI Coding Agent RCE via Unauthenticated Local Server and Web UI XSS
Security researchers disclosed two high-severity vulnerabilities in the open-source **OpenCode** AI coding agent that can allow **arbitrary command execution on a developer workstation** in drive-by scenarios. **CVE-2026-22812** stems from OpenCode automatically starting an **unauthenticated HTTP server** with **permissive CORS** (`Access-Control-Allow-Origin: *`), enabling any local process—or a malicious website via cross-origin requests—to invoke sensitive local API endpoints and execute shell commands with the user’s privileges. Separately, **CVE-2026-22813** is a **critical** issue in the OpenCode web UI where the markdown renderer can inject arbitrary HTML into the DOM without sanitization (no *DOMPurify* and no CSP), enabling JavaScript execution on the `http://localhost:4096` origin and subsequent access to local APIs that can spawn processes. Mitigations are available for both OpenCode issues: **CVE-2026-22812** is fixed in **OpenCode 1.0.216**, and **CVE-2026-22813** is fixed in **OpenCode 1.1.10**. Other items in the set describe unrelated vulnerabilities in different products (e.g., a command-injection flaw in an end-of-life VS Code extension, unsafe deserialization in *LlamaIndex*, ReDoS in *LangChain*, and various web app SQLi/XSS/access-control issues) and do not materially change the OpenCode risk picture; they should be tracked separately by affected-asset ownership and exposure.
1 months ago
VS Code Extensions Leak Sensitive Secrets, Exposing Users to Supply Chain Attacks
Researchers discovered that over 550 sensitive secrets were inadvertently leaked through more than 500 Visual Studio Code (VS Code) extensions available on both the VS Code and Open VSX marketplaces. These secrets included access and authorization tokens, credentials, API keys, encryption keys, and certificates, which are critical for securing access to various platforms and services. The investigation, conducted by Wiz Security, revealed that the leaked secrets spanned 67 categories, with the majority falling into three main groups: generative AI platforms, high-risk professional platforms such as AWS, GCP, Auth0, and GitHub, and databases like MongoDB and Postgres. Notably, more than 100 of the exposed secrets would have allowed attackers to update the affected extensions themselves. Because VS Code automatically updates extensions, this created a significant risk that attackers could deploy malicious updates to a large user base without user intervention. Wiz Security estimated that, had these vulnerabilities been exploited, malware could have been pushed to approximately 150,000 users in a single attack. The risk was not limited to code-heavy extensions; even theme extensions, which are often perceived as harmless, were found to be capable of introducing malware. The research highlighted that some internal extensions, such as those published by large corporations for internal use, were inadvertently made public, further increasing the attack surface. Vendor-specific extensions, commonly used for convenience, were identified as particularly attractive targets for attackers due to their potential for targeted exploitation. Microsoft was notified of the findings and worked with the researchers to address the issues and mitigate the risks. The incident underscores the importance of rigorous security practices in extension development and the need for continuous monitoring of third-party code in software supply chains. The exposure of secrets in widely used development tools like VS Code demonstrates how supply chain vulnerabilities can have far-reaching consequences. Organizations are advised to audit their use of extensions, restrict unnecessary permissions, and ensure that sensitive credentials are never hardcoded or exposed in public repositories. The case also serves as a warning about the risks of publishing internal tools to public marketplaces, as this can inadvertently expose sensitive infrastructure to external threats. The findings have prompted calls for improved vetting processes for extensions and greater awareness among developers about the risks of credential leakage. This incident is a stark reminder that even seemingly minor oversights in software development can lead to large-scale security incidents affecting tens of thousands of users. The potential for automated malware deployment through compromised extensions highlights the evolving nature of supply chain threats in the software ecosystem. Security researchers continue to monitor the situation and recommend best practices for extension security to prevent similar incidents in the future.
1 months ago