Flaws in popular VSCode extensions expose developers to attacks

Bleeping Computer

by Bill Toulas

February 17, 2026

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local files and execute code remotely.

Verticals

securitytech

Originally published on Bleeping Computer on 2/17/2026