Path traversal in Visual Studio Code - CVE-2026-45496
Published: July 17, 2026
Visual Studio Code
Detailed vulnerability description
The vulnerability allows a local attacker to bypass a security feature.
The vulnerability exists due to path traversal in sensitive file protections when handling crafted pathnames. A local attacker can supply a pathname that traverses outside a restricted directory to bypass a security feature.
The bypass affects Visual Studio Code sensitive file protections.