When Your IDE Becomes a RCE Endpoint
Researchers have discovered a vulnerability in the OpenVSX registry that allows attackers to execute code on developers' machines through VS Code-derived editors. The vulnerability is due to a dependency confusion problem, where an attacker can register an abandoned or never claimed publisher extension namespace on OpenVSX and have every Cursor, Windsurf, or other VS Code fork silently install and run their code. This vulnerability is not hypothetical and has been exploited in the past, with the researchers finding 126 exact-ID hijacks, including names with millions of installs, where a developer typing the exact trusted identifier can still be handed code that is not the original.
- ▪The vulnerability is due to a dependency confusion problem in the OpenVSX registry, which is separate from Microsoft's Marketplace trust root.
- ▪An attacker can register an abandoned or never claimed publisher extension namespace on OpenVSX and have every Cursor, Windsurf, or other VS Code fork silently install and run their code.
- ▪The researchers found 126 exact-ID hijacks, including names with millions of installs, where a developer typing the exact trusted identifier can still be handed code that is not the original.
Opening excerpt (first ~120 words) tap to expand
When Your IDE Becomes a RCE EndpointBerk ALBAYRAK21 min read·1 hour ago--ListenSharePress enter or click to view image in full sizeTrendyol CSOC and Application Security research on a live supply-chain technique abusing Cursor and other VS Code-derived editors through the OpenVSX registry.TOCHow we found ourselves looking at thisMeasuring the blast radiusHow Cursor decides what to installWhat changed in June 2025Walking through an attack, step by stepIndicators you can trackHunting for itWhat you should do this weekWhere this goes nextIf your developers run Cursor, VSCodium, Windsurf, or any other fork of VS Code that pulls its extensions from OpenVSX, attacker controlled code is one editor launch away from executing on their machines.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Medium.