Visual%20Studio%20Code%20-%20MSSQL%20Extension

CNA

1Vulnerabilities found

CVSS Score-7.8||HIGH

EPSS-Not Assigned

Published-09 Jun, 2026 | 17:04

Updated-10 Jun, 2026 | 03:57

Visual Studio Code MSSQL Extension Remote Code Execution Vulnerability

Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally.

Inclusion of Functionality from Untrusted Control Sphere

CWE ID-CWE-94

Improper Control of Generation of Code ('Code Injection')