Flaws in popular VSCode extensions expose developers to attacks
February 20, 2026
The security issues impact Live Server (CVE-2025-65715), Code Runner (CVE-2025-65716), Markdown Preview Enhanced (CVE-2025-65717), and Microsoft Live Preview (no identifier assigned).[…] Also, it is advisable to remove unnecessary extensions and only install those from reputable publishers, while monitoring for unexpected setting changes.
I had Live Server and Markdown Preview Enhanced installed, but since I don't use them, I uninstalled them along with a few other extensions that I don't use.