Microsoft shipped Visual Studio Code 1.128.1 on July 8, 2026, with a stealthy but important security fix that many developers might not prioritize. The update patches CVE-2026-57101, a high-severity cross-site scripting (XSS) vulnerability that could let an unauthenticated attacker bypass a local security feature and read or modify data they shouldn't, all with just a little user interaction.

What the Patch Actually Fixes

CVE-2026-57101 is an improper neutralization of input during web-page generation flaw—the classic definition of cross-site scripting, catalogued as CWE-79. Microsoft assigned it a CVSS 3.1 score of 7.1, with a vector that reads AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N. Translated: the attack requires local access and user interaction, but no privileges, and successful exploitation can fully compromise confidentiality and integrity within a changed scope. In simpler terms, an attacker who can get a developer to open maliciously crafted content in a vulnerable VS Code window could sidestep security boundaries and access sensitive data or tamper with the editor’s trust model.

The advisory, published by Microsoft’s Security Response Center on July 14, confirms that all Visual Studio Code versions from 1.0.0 up to but not including 1.128.1 are affected. The fix arrived in the 1.128.1 point release that accompanied the broader 1.128 stable channel update on July 8. Microsoft’s release notes for 1.128.1 simply state that the update “addresses security issues,” without detailing the specific attack surface. That deliberate ambiguity means defenders should treat this as a universal editor update, not a narrow component patch. Whether the XSS lurks in a Markdown preview, an integrated browser page, a webview, or another HTML-rendering element, the only supported mitigation is to upgrade the entire application.

Why This Matters—Even for a “Local” Flaw

Security teams often mentally downgrade vulnerabilities tagged “local” and “user interaction required,” especially during busy patch cycles. That would be a mistake here. Visual Studio Code routinely processes content from untrusted origins—cloned Git repositories, pull requests from strangers, project documentation inside ZIP files, extension interfaces, and web content summoned during debugging. The editor also cradles a wealth of secrets: SSH keys, cloud API tokens, Git credentials, terminal histories, and authenticated sessions to Azure, GitHub, and other platforms. If an attacker can craft a file or a webpage that triggers the XSS, they could potentially extract those tokens, modify workspace settings, or pivot to other subsystems—all without tripping a network alarm because the action originates inside the local machine’s trust boundary.

For independent developers, the risk surfaces whenever you open an unfamiliar project, review someone else’s code, or load a browser preview of an untrusted site inside VS Code. For enterprise developers, the stakes are amplified: their workstations often have privileged network access, administrative rights, and direct pipelines to production infrastructure. A security feature bypass that allows read and write operations inside the editor’s scope can become a stepping stone to a broader breach.

The Enterprise Patching Gap

Microsoft gives IT admins extensive control over how and when VS Code updates itself, through an UpdateMode policy that can be set to “none,” “manual,” “startup,” or “default” (background). That flexibility is valuable, but it creates a familiar blind spot: the most locked‑down environments are often the slowest to receive point releases. If your organization configured VS Code to update manually or disabled updates entirely, version 1.128.1 won’t reach those endpoints unless someone explicitly pushes it. The same concern applies to installations distributed via Intune, Configuration Manager, or custom golden images—version sprawl is almost guaranteed.

Administrators should act immediately to:

  • Identify every Windows system running VS Code below 1.128.1. Use your software inventory tool to query the installed version—the binary typically sits in %LOCALAPPDATA%\\Programs\\Microsoft VS Code or a similar path.
  • Check the update policy in place. If UpdateMode is set to “manual” or “none,” plan a managed deployment rather than waiting for users to initiate Help > Check for Updates.
  • Prioritize machines used by developers with elevated privileges, access to source repositories, or permanent cloud credentials. Persistent virtual desktops, build servers, and lab workstations should also top the list—they may not have a regular user to trigger manual updates.
  • Deploy 1.128.1 (or a later supported build) through your standard software distribution channel. After deployment, verify the version via a detection script that reads Code.exe file details, not just user self‑attestation.

A Common Misconception: This Isn’t an Extension Issue

VS Code’s extension ecosystem has its own update system and its own risk profile. Patching extensions—or even locking them down with the recently expanded auto‑update policies—does nothing to fix CVE‑2026‑57101. The vulnerability lives in the core editor binary, not in an installable add‑on. Upgrading from, say, ESLint 2.4.2 to 2.4.3 while the editor remains on 1.127.3 leaves the door wide open. This distinction is especially important now because the 1.128 release introduced several new capabilities—agent sessions, richer Chat attachment handling, and an integrated browser—that might tempt administrators into disabling features as a workaround. Without a public root cause analysis, disabling features is a shot in the dark. The only reliable fix is to update the editor itself.

If an immediate editor update is impossible, organizations can reduce interim exposure by:

  • Restricting use of the vulnerable build to trusted, internal content only. Prohibit opening customer‑supplied files, external pull requests, or public repositories on unpatched machines.
  • Enforcing least privilege for developer accounts: strip local admin rights, use dedicated accounts for production access, and separate high‑value credentials from routine code‑review activities.
  • Isolating high‑risk work to a patched, dedicated virtual machine or a remote development server.

These are containment measures, not a remedy. They lower the blast radius while the update rolls out.

Timeline and Context

Visual Studio Code 1.128 arrived on July 8, 2026, with a long list of features centered on agent workflows, integrated browser behavior, and OS‑level keybindings. The same day, Microsoft silently published the 1.128.1 point release on the stable channel, flagged only with a terse “addresses security issues” note in the release history. The MSRC advisory for CVE‑2026‑57101 followed on July 14, giving the vulnerability a formal identifier and a CVSS rating. As of that publication, Microsoft had seen no indication of public exploitation or automated attacks, and CISA’s SSVC assessment echoed that with “exploitation: none” and “automatable: no.” These are reassuring snapshots, but they are not guarantees. With the CVE now public, the countdown begins until someone crafts a proof of concept.

This is not the first time a developer tool has carried a high‑severity XSS, but the ubiquity of VS Code—and the fact that it’s often exempt from the rigorous patch‑management cycles applied to browsers or operating systems—makes this one stick out. Developers who treat VS Code like a simple text editor miss the point: it’s a complex, network‑connected application that renders web content and executes code, and it deserves the same security attention as an email client or a web browser.

Step‑by‑Step: How to Secure Your VS Code Now

For individual users

  1. Open VS Code and navigate to Help > About. Note the version number. If it’s anything less than 1.128.1, you are vulnerable.
  2. Go to Help > Check for Updates. If the updater is functional, VS Code will download and apply the latest release. You must restart the editor afterward.
  3. If the updater is disabled or you’re on a disconnected machine, download the latest installer directly from the official website. Run it over your existing installation—your settings and extensions will be preserved.
  4. After updating, verify the version again. It should read 1.128.1 or a newer build. If you see 1.128.0, you only have the feature update, not the security fix.

For IT administrators

  1. Inventory: Query all managed Windows endpoints for VS Code installations. A simple registry check or file‑version scan will work. Target %ProgramFiles%\\Microsoft VS Code\\Code.exe, %LOCALAPPDATA%\\Programs\\Microsoft VS Code\\Code.exe, and any custom installation paths.
  2. Assess update policies: Check the UpdateMode setting in %APPDATA%\\Code\\User\\settings.json or via group policy. If it’s “none” or “manual,” flag the machine for forced remediation.
  3. Deploy: Push the 1.128.1 installer through your standard software distribution system. Microsoft provides EXE, MSI, and ZIP packages; use the format your tooling supports. For Intune, you can package the installer as a Win32 app with detection rules based on the file version.
  4. Verify: After deployment, run a compliance scan to confirm that the installed version is >= 1.128.1. Do not rely on user confirmation—automate the check.
  5. Adjust policies: If your security posture allows, consider shifting developer workstations to a “default” update mode so future security fixes arrive automatically. For more restrictive environments, create a recurring task to review and approve new VS Code releases within 24 hours of a Microsoft security advisory.

For everyone

  • Treat VS Code like any other security‑sensitive application. Subscribe to Microsoft’s security update notifications and the official Visual Studio Code release feed.
  • Segregate sensitive credentials. Use separate machine identities or temporary tokens for daily development, and never store production secrets on a workstation that opens untrusted content.
  • When in doubt, open suspicious projects in a sandboxed environment—a virtual machine, Windows Sandbox, or a Dev Container—before bringing them into your daily driver.

What’s Next

Microsoft rarely discloses full technical details of a vulnerability immediately. Over the coming weeks, the MSRC advisory may be updated with a deeper explanation of the exploit mechanism and the exact editor surface that was patched. If a proof‑of‑concept surfaces in public, the risk profile will shift from “patch now at your own pace” to “patch immediately before opportunistic attacks begin.” For now, defenders have a rare window: the fix is available, the attack is not yet automated, and the guidance is straightforward. The only missing piece is action. Update Visual Studio Code to 1.128.1 or later, prove the old version is gone, and keep it that way.