Cybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX’s pre-publish scanning pipeline to cause the tool to allow a malicious Microsoft Visual Studio Code (VS Code) extension to pass the vetting process and go live in the registry.”The pipeline had a single boolean return value that meant both ‘no scanners are configured’ and ‘all scanners failed to run,’” Koi
First seen on thehackernews.com
Jump to article: thehackernews.com/2026/03/open-vsx-bug-let-malicious-vs-code.html
