CVE-2026-47281— Visual Studio Code Elevation of Privilege Vulnerability
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Microsoft | Visual Studio Code | 1.0.0< 1.123.2 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-47281
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Visual Studio Code Elevation of Privilege Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
Microsoft Visual Studio Code 访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Microsoft Visual Studio Code是美国微软(Microsoft)公司的一款开源的代码编辑器。 Microsoft Visual Studio Code存在访问控制错误漏洞。攻击者利用该漏洞可以提升权限。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Microsoft | Visual Studio Code | 1.0.0 ~ 1.123.2 | - |
II. Public POCs for CVE-2026-47281
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-47281
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-47281 (1)
Same Patch Batch · Microsoft · 2026-06-09 · 200 CVEs total
| CVE-2026-47643 | 9.8 CRITICAL | Azure Stack Edge Remote Code Execution Vulnerability |
| CVE-2026-26142 | 9.8 CRITICAL | Nuance PowerScribe Remote Code Execution Vulnerability |
| CVE-2026-45657 | 9.8 CRITICAL | Windows Kernel Remote Code Execution Vulnerability |
| CVE-2026-44815 | 9.8 CRITICAL | DHCP Client Service Remote Code Execution Vulnerability |
| CVE-2026-47291 | 9.8 CRITICAL | HTTP.sys Remote Code Execution Vulnerability |
| CVE-2026-42904 | 9.6 CRITICAL | Windows TCP/IP Elevation of Privilege Vulnerability |
| CVE-2026-45602 | 9.1 CRITICAL | Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability |
| CVE-2026-45648 | 8.8 HIGH | Windows Active Directory Domain Services Remote Code Execution Vulnerability |
| CVE-2026-45484 | 8.8 HIGH | Microsoft SharePoint Elevation of Privilege Vulnerability |
| CVE-2026-40371 | 8.8 HIGH | Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability |
| CVE-2026-42985 | 8.8 HIGH | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2026-47653 | 8.8 HIGH | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2026-45504 | 8.8 HIGH | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| CVE-2026-32193 | 8.8 HIGH | Azure Kubernetes Service (AKS) Remote Code Execution Vulnerability |
| CVE-2026-47289 | 8.8 HIGH | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2026-45641 | 8.4 HIGH | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2026-41098 | 8.4 HIGH | Azure Stack Edge Spoofing Vulnerability |
| CVE-2026-45472 | 8.4 HIGH | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2026-45482 | 8.4 HIGH | Microsoft Visual Studio Code CoPilot Chat Security Feature Bypass Vulnerability |
| CVE-2026-45463 | 8.4 HIGH | Microsoft Office Remote Code Execution Vulnerability |
Showing top 20 of 200 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Visual Studio Code
- CVE-2026-48569
Visual Studio Code Security Feature Bypass Vulnerability - CVE-2026-47284
Visual Studio Code Information Disclosure Vulnerability - CVE-2026-40376
Visual Studio Code Elevation of Privilege Vulnerability - CVE-2026-47287
Visual Studio Code Tampering Vulnerability - CVE-2026-41613
Visual Studio Code Elevation of Privilege Vulnerability
Same vendor: Microsoft
- CVE-2026-50656
Microsoft Defender Elevation of Privilege Vulnerability - CVE-2026-50511
Microsoft PC Manager Elevation of Privilege Vulnerability - CVE-2026-50512
Microsoft PC Manager Elevation of Privilege Vulnerability - CVE-2026-44813
Windows DWM Core Library Elevation of Privilege Vulnerabilit - CVE-2026-44804
Windows DWM Core Library Elevation of Privilege Vulnerabilit
Same weakness: CWE-862
- CVE-2026-11719
MCP数据库工具箱旧版本认证绕过漏洞 - CVE-2026-12093
Simple Membership <= 4.7.5 - Missing Authorization to Unauth - CVE-2026-10029
Event Koi Lite <= 1.3.13.1 - Missing Authorization to Unauth - CVE-2026-9199
Equalize Digital Accessibility Checker <= 1.42.1 - Missing A - CVE-2026-12407
E2Pdf <= 1.32.26 - Missing Authorization to Authenticated (C
V. Comments for CVE-2026-47281
No comments yet