Critical Remote Code Execution in Microsoft Visual Studio Code (CVE‑2026‑21518) via mcp.json Command Injection
What It Is – A newly disclosed vulnerability (CVE‑2026‑21518) in Microsoft Visual Studio Code allows an attacker to inject arbitrary commands through a crafted mcp.json file. When a user opens a malicious project, an unvalidated string from that file is passed to a system call, enabling remote code execution in the context of the current user.
Exploitability – The flaw requires user interaction (opening a malicious project) but can be weaponized in phishing or supply‑chain attacks. The researchers have released a proof‑of‑concept; no public exploit‑as‑a‑service has been observed yet. CVSS 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
Affected Products – Microsoft Visual Studio Code (all supported platforms).
TPRM Impact –
- Development teams at any third‑party vendor may inadvertently introduce malicious mcp.json files into build pipelines, exposing downstream customers.
- Compromise of a developer’s workstation can lead to credential theft, code tampering, and insertion of backdoors into shipped software, creating a supply‑chain risk.
Recommended Actions –
- Deploy Microsoft’s patch for CVE‑2026‑21518 immediately on all VS Code installations.
- Enforce strict “trusted project” policies: only open projects from verified sources and scan mcp.json files with endpoint protection.
- Update CI/CD pipelines to reject unsigned or unknown mcp.json artifacts before build.
- Conduct a rapid inventory of all developer workstations and remote environments that still run vulnerable VS Code versions.
- Communicate the risk to third‑party vendors and require proof of remediation in contractual security clauses.
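One way to implement the CI/CD recommendation above, as an added example that is not Microsoft's tooling or part of the original advisory: a pre-build gate that rejects any mcp.json in the checkout that is a symlink or whose SHA-256 digest is not on a reviewed allowlist. The allowlist format, the command-line arguments and the sample file contents are assumptions constructed for illustration, and the gate covers "unknown" files only, not signature verification.

```python
import hashlib
import os
import sys
import tempfile

def audit(root, approved):
    """Return (relative_path, reason) for every mcp.json that must fail the build."""
    violations = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip VCS metadata
        for name in filenames:
            if name.lower() != "mcp.json":
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if os.path.islink(path):
                # A symlink can be retargeted after review, so never trust it.
                violations.append((rel, "symlink"))
                continue
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            if digest not in approved:
                violations.append((rel, "sha256 not in allowlist"))
    return sorted(violations)

def demo():
    """Constructed checkout: one reviewed config, one unknown config in a vendored tree."""
    reviewed = b'{"note": "constructed sample, reviewed"}\n'
    unknown = b'{"note": "constructed sample, never reviewed"}\n'
    with tempfile.TemporaryDirectory() as root:
        for subdir, body in ((".vscode", reviewed), ("vendor/lib/.vscode", unknown)):
            os.makedirs(os.path.join(root, subdir))
            with open(os.path.join(root, subdir, "mcp.json"), "wb") as fh:
                fh.write(body)
        return audit(root, {hashlib.sha256(reviewed).hexdigest()})

if __name__ == "__main__":
    # Assumed CLI: <repo_root> <allowlist_file> (one hex digest per line).
    # With no arguments the constructed demo runs instead.
    if len(sys.argv) == 3:
        with open(sys.argv[2]) as fh:
            found = audit(sys.argv[1], set(fh.read().lower().split()))
    else:
        found = demo()
    for rel, reason in found:
        print(f"REJECT {rel}: {reason}")
    sys.exit(1 if found else 0)
```

The non-zero exit status lets the pipeline stop before any build step or editor-based tooling touches the checkout; new or changed mcp.json files then enter the allowlist only through review.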