WeSearch

When Your IDE Becomes a RCE Endpoint

Berk ALBAYRAK· ·22 min read · 0 reactions · 0 comments · 59 views
#security#vulnerability#ide
When Your IDE Becomes a RCE Endpoint
TL;DR · WeSearch summary

Researchers have discovered a vulnerability in the OpenVSX registry that allows attackers to execute code on developers' machines through VS Code-derived editors. The vulnerability is due to a dependency confusion problem, where an attacker can register an abandoned or never claimed publisher extension namespace on OpenVSX and have every Cursor, Windsurf, or other VS Code fork silently install and run their code. This vulnerability is not hypothetical and has been exploited in the past, with the researchers finding 126 exact-ID hijacks, including names with millions of installs, where a developer typing the exact trusted identifier can still be handed code that is not the original.

Key facts
Original article
Medium · Berk ALBAYRAK
Read full at Medium →
Opening excerpt (first ~120 words) tap to expand

When Your IDE Becomes a RCE EndpointBerk ALBAYRAK21 min read·1 hour ago--ListenSharePress enter or click to view image in full sizeTrendyol CSOC and Application Security research on a live supply-chain technique abusing Cursor and other VS Code-derived editors through the OpenVSX registry.TOCHow we found ourselves looking at thisMeasuring the blast radiusHow Cursor decides what to installWhat changed in June 2025Walking through an attack, step by stepIndicators you can trackHunting for itWhat you should do this weekWhere this goes nextIf your developers run Cursor, VSCodium, Windsurf, or any other fork of VS Code that pulls its extensions from OpenVSX, attacker controlled code is one editor launch away from executing on their machines.

Excerpt limited to ~120 words for fair-use compliance. The full article is at Medium.

Anonymous · no account needed
Share 𝕏 Facebook Reddit LinkedIn Threads WhatsApp Bluesky Mastodon Email

Discussion

0 comments

More from Medium