ZDI 2026-04-02

ZDI-26-253: Microsoft Visual Studio Code mcp.json Command Injection Remote Code Execution Vulnerability

CVE-2026-21518

Machine-generated analysis · WAYSCloud LLM

The vulnerability requires a user to open a malicious project to trigger command injection via mcp.json in Visual Studio Code.

Context

Microsoft Visual Studio Code is affected by a command injection vulnerability related to the mcp.json file. The vulnerability can lead to remote code execution if a user opens a malicious project. The advisory notes user interaction is required for exploitation. Worth noting that the attack surface is limited to project file handling rather than network-based triggers.

Operator considerations

Check: Identify instances of Visual Studio Code where untrusted projects may be opened by users.

From Zero Day Initiative ↗

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio Code. User interaction is required to exploit this vulnerability in that the target open a malicious project. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-21518.

Read the full advisory on ZDI →