Ox Security disclosures of high-severity vulnerabilities in popular VSCode extensions
Security researchers at Ox Security reported multiple high-to-critical vulnerabilities in widely used Visual Studio Code extensions—collectively exceeding 128 million downloads—that could enable local file exfiltration and code execution in developer environments. The issues highlighted include Live Server (CVE-2025-65717), Code Runner (CVE-2025-65715, referenced in reporting but not included as a CVE entry here), Markdown Preview Enhanced (CVE-2025-65716), and Microsoft Live Preview (no CVE cited in the reporting). Ox Security stated it attempted disclosure starting in June 2025 but did not receive responses from maintainers, warning that exploitation could support lateral movement, data theft, and system takeover in corporate networks where developer workstations are a pivot point.
The CVE records included in this set describe two of the extension flaws in more detail: CVE-2025-65717 (Live Server v5.7.9) allows attackers to exfiltrate files when a user interacts with a crafted HTML page, and CVE-2025-65716 (Markdown Preview Enhanced v0.8.18) can lead to arbitrary code execution via a crafted .md file (user interaction required). Other items in the feed are unrelated, covering a broad mix of independent vulnerabilities (e.g., Tenable Security Center command injection, LightLLM unsafe deserialization RCE, libvpx heap overflow affecting Firefox/Thunderbird, and multiple router/IoT hard-coded credential and command-injection issues) and should not be treated as part of the VSCode-extension disclosure story.

How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
ZoneMinder command injection vulnerability was publicly detailed
On Feb. 18, 2026, CVE-2025-65791 was updated with technical details describing a command injection flaw in ZoneMinder v1.36.34's web/views/image.php, where unsanitized input reaches exec(). The record added CVSS scoring, CWE classification, and a public reference, indicating unauthenticated remote exploitation with high impact.
OX Security publicly reported multiple high-severity VSCode extension flaws
OX Security disclosed multiple high-to-critical vulnerabilities in Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live Preview, warning they could enable file theft, remote code execution, lateral movement, and full system compromise. The report said the issues also affect VSCode-compatible IDEs such as Cursor and Windsurf and impact extensions with more than 128 million combined downloads.
CVE details were enriched for VSCode extension flaws
On Feb. 17, 2026, the CVE records for CVE-2025-65716 and CVE-2025-65717 were updated with CVSS scoring, CWE classifications, and references to project repositories and third-party research. The updates characterized the flaws as high-severity issues affecting Markdown Preview Enhanced and Live Server.
MITRE received CVE-2025-65716 and CVE-2025-65717 records
MITRE received CVE records for two Visual Studio Code extension vulnerabilities: CVE-2025-65716 in Markdown Preview Enhanced and CVE-2025-65717 in Live Server. The issues involve arbitrary code execution via a crafted Markdown file and file exfiltration via a crafted HTML page, respectively.
OX Security began disclosing VSCode extension flaws to maintainers
OX Security said it started responsible disclosure efforts in June 2025 for multiple vulnerabilities affecting popular Visual Studio Code extensions, but reported receiving no response from maintainers.
Sources
CVE-2025-65791 - ZoneMinder Command Injection Vulnerability (cvefeed.io)
Flaws in popular VSCode extensions expose developers to attacks (bleepingcomputer.com)
CVE-2025-65717 - Visual Studio Code Extensions Live Server File Exfiltration Vulnerability (cvefeed.io)
CVE-2025-65716 - Visual Studio Code Extensions Markdown Preview Enhanced Code Execution Vulnerability (cvefeed.io)


