Signal
Flaws disclosed in four widely used VS Code extensions with 125M+ installs
Published 2026-02-18 12:30 UTC · Updated 2026-02-18 13:16 UTC
Tags: vulnerabilities, developer_tools, supply_chain, advisory, cves
Evidence trail (top sources)
2 top sources shown (2 domains). Domains are deduped. Counts indicate coverage, not truth.
Limited source diversity in top sources.
Overview
Security researchers disclosed critical/high-severity vulnerabilities in four widely used Visual Studio Code extensions, highlighting how trusted developer tooling can become an attack path when extensions run with broad access to local files, terminals, and network resources.
Entities
Microsoft, OX Security, Visual Studio Code, Live Server, Code Runner, Markdown Preview Enhanced
Score total: 1.03
Momentum 24h: 2
Posts: 2
Origins: 2
Source types: 1
Duplicate ratio: 0%
Why now
- Findings were published this week, with coverage from multiple outlets
- CSO Online notes CVEs were assigned/published on Feb. 16
- The affected extensions have massive install bases, increasing exposure
Why it matters
- VS Code extensions can have broad local file/terminal/network access, amplifying impact
- Legitimate, popular extensions can be risky even without being overtly malicious
- Potential outcomes include file theft and remote code execution on developer machines
LLM analysis
Topic mix: low · Promo risk: low · Source quality: high
Recurring claims
- Vulnerabilities in four popular VS Code extensions could enable local file theft and remote code execution.
- The affected extensions were collectively installed/downloaded more than 125–128 million times.
- OX Security reported the findings and said it began notifying vendors in June 2025, with no response from three of four maintainers.
How sources frame it
- The Hacker News: neutral
- CSO Online: neutral
All evidence
Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs
The Hacker News · thehackernews.com · 2026-02-18 13:16 UTC
Flaws in four popular VS Code extensions left 128 million installs open to attack
CSO Online · csoonline.com · 2026-02-18 12:30 UTC
Top publishers (this list)
- The Hacker News (1)
- CSO Online (1)
Top origin domains (this list)
- thehackernews.com (1)
- csoonline.com (1)