Skip to content

Secure Cyber Vulnerability Management

  • Home
  • About Us
  • Our Services
  • Privacy Policy
  • Home
  • About Us
  • Our Services
  • Privacy Policy
03/04/2026
Zero-Day Initiative

ZDI-26-253: Microsoft Visual Studio Code mcp.json Command Injection Remote Code Execution Vulnerability

by Deepanshu Jha
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio Code. User interaction is required to exploit this vulnerability in that the target open a malicious project. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-21518.
  • Next Fortinet FortiClientEMS Vulnerability Exploited in the Wild (CVE-2026-35616)
  • Previous ZDI-26-252: Mozilla Firefox IonMonkey Switch Statement Optimization Type Confusion Remote Code Execution Vulnerability

Comments are closed.

You may also like

ZDI-26-120: GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit...

20/02/2026
Zero-Day Initiative

ZDI-25-1048: Microsoft Windows win32kfull Out-Of-Bounds Write Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the...

11/12/2025
Zero-Day Initiative
Secure Cyber Vulnerability Management

Secure Cyber Vulnerability Management © 2026. All Rights Reserved.