CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Critical vulnerabilities in popular VSCode extensions enable RCE and file theft

First reported
Last updated
3 unique sources, 3 articles

Summary

Hide ▲

Multiple high-to-critical severity vulnerabilities in popular VSCode extensions, collectively downloaded over 128 million times, expose developers to remote code execution (RCE) and file theft. The affected extensions include Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live Preview. Researchers at Ox Security discovered these flaws in June 2025 but received no response from maintainers. Exploitation could lead to lateral movement, data exfiltration, and system takeover in corporate environments. Microsoft silently fixed the Live Preview vulnerability in version 0.4.16 released in September 2025. The vulnerabilities also affect AI-powered IDEs Cursor and Windsurf.

Timeline

  1. 17.02.2026 23:27 3 articles · 2d ago

    Critical vulnerabilities in popular VSCode extensions disclosed

    Researchers at Ox Security discovered high-to-critical severity vulnerabilities in popular VSCode extensions, including Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live Preview. These vulnerabilities enable remote code execution and file theft, with potential impacts including lateral movement and data exfiltration in corporate environments. The affected extensions were collectively downloaded over 128 million times. Microsoft silently fixed the Live Preview vulnerability in version 0.4.16 released in September 2025.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Critical Unauthenticated RCE Flaw in SmarterMail Patched

SmarterTools has addressed a critical unauthenticated remote code execution (RCE) flaw in SmarterMail email software, tracked as CVE-2026-24423 with a CVSS score of 9.3. The vulnerability allows attackers to execute arbitrary OS commands by pointing SmarterMail to a malicious HTTP server. The flaw was discovered by researchers from watchTowr, CODE WHITE GmbH, and VulnCheck and was patched in version Build 9511, released on January 15, 2026. CISA has added CVE-2026-24423 to its KEV catalog, marking it as actively exploited in ransomware campaigns, and has given federal agencies until February 26, 2026, to patch or stop using affected versions. Additionally, another critical flaw (CVE-2026-23760) and a medium-severity vulnerability (CVE-2026-25067) were also addressed in subsequent updates.

Open in new tab

Chainlit Framework Vulnerabilities Expose AI Application Infrastructure

Two high-severity vulnerabilities in the Chainlit framework, tracked as CVE-2026-22218 and CVE-2026-22219, allow authenticated users to read arbitrary files and perform server-side request forgery (SSRF), potentially exposing sensitive data and cloud resources. These vulnerabilities, collectively dubbed ChainLeak by Zafran Security, were responsibly disclosed on November 23, 2025, and patched on December 24, 2025, with the release of Chainlit version 2.9.4. Chainlit, widely used for building conversational AI applications, has seen significant adoption with over 7.3 million downloads to date, including 220,000 in the past week alone. The vulnerabilities highlight the risks posed by traditional web flaws in AI application environments, particularly in enterprise deployments and academic institutions.

Open in new tab

Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution

Three vulnerabilities in the mcp-server-git, maintained by Anthropic, allow file access, deletion, and code execution via prompt injection. The flaws have been addressed in versions 2025.9.25 and 2025.12.18. The vulnerabilities include path traversal and argument injection issues that can be exploited to manipulate Git repositories and execute arbitrary code. The issues were disclosed by Cyata researcher Yarden Porat, highlighting the risks of prompt injection attacks without direct system access. The vulnerabilities affect all versions of mcp-server-git released before December 8, 2025, and apply to default installations. An attacker only needs to influence what an AI assistant reads to trigger the vulnerabilities. The flaws allow attackers to execute code, delete arbitrary files, and load arbitrary files into a large language model's context. While the vulnerabilities do not directly exfiltrate data, sensitive files may still be exposed to the AI, creating downstream security and privacy risks. The vulnerabilities have been assigned CVE-2025-68143, CVE-2025-68144, and CVE-2025-68145.

Open in new tab

Critical Vulnerabilities in Fluent Bit Logging Agent

Critical vulnerabilities in Fluent Bit, a widely used telemetry agent, have been disclosed. These flaws affect log, metric, and trace handling across banking, cloud, and SaaS platforms. The issues include improper input validation, path traversal bugs, and authentication bypasses, allowing attackers to manipulate logs, overwrite files, and execute code. Patches are available in versions v4.1.1 and v4.0.12, but older versions remain at risk. The vulnerabilities could distort observability pipelines, impacting financial services, security products, and SaaS environments. Immediate patching and configuration hardening are recommended. AWS has urged customers to update to the latest version of Fluent Bit for optimal protection. The flaws could enable attackers to disrupt cloud services, manipulate data, and burrow deeper into cloud and Kubernetes infrastructure.

Open in new tab

React Native CLI Remote Code Execution Vulnerability (CVE-2025-11953)

A critical security flaw in the React Native CLI package, tracked as CVE-2025-11953, allowed remote, unauthenticated attackers to execute arbitrary OS commands on development servers. The vulnerability affected versions 4.8.0 through 20.0.0-alpha.2 of the @react-native-community/cli-server-api package, impacting millions of developers using the React Native framework. The flaw was patched in version 20.0.0. The vulnerability is being actively exploited in the wild, with attacks observed on December 21, 2025, January 4, 2026, and January 21, 2026. The attacks involve delivering base-64 encoded PowerShell payloads hidden in the HTTP POST body of malicious requests. The payloads disable endpoint protections, establish a raw TCP connection to attacker-controlled infrastructure, write data to disk, and execute the downloaded binary. Approximately 3,500 exposed React Native Metro servers are still online, according to scans using the ZoomEye search engine. Despite active exploitation being observed for over a month, the vulnerability still carries a low score in the Exploit Prediction Scoring System (EPSS). The vulnerability affects Windows, Linux, and macOS systems, with varying levels of control over executed commands. The flaw was discovered by researchers at JFrog and disclosed in early November 2025. The vulnerability is dubbed Metro4Shell by VulnCheck. The Windows payload is a Rust-based UPX-packed binary with basic anti-analysis logic, and the same attacker infrastructure hosts corresponding Linux binaries, indicating cross-platform targeting.

Open in new tab