CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-40376

highCVSS 7.5covered by 1 sourcefirst seen 2026-06-09
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

CSIRTS triage

What
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
Who is affected
Users of Visual Studio Code with network access.
Urgency
Remediation is important but not urgent as there is no active exploitation reported.
Action
Update Visual Studio Code to the latest version to mitigate the vulnerability.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-40376

Get an email if CVE-2026-40376 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-40376

CVE.org record

Embed the live status

CVE-2026-40376 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-40376 status](https://www.csirts.com/badge/CVE-2026-40376)](https://www.csirts.com/cve/CVE-2026-40376)