
A critical vulnerability in the Open VSX extension marketplace allowed malicious Visual Studio Code extensions to bypass newly introduced pre-publish security checks and be listed as safe. The issue, discovered by researchers at Koi Security, has since been patched, but it exposed significant risks in the platform’s verification system.
The flaw, codenamed “Open Sesame,” originated from a logic error in the scanning pipeline. A single boolean value was used to represent two different outcomes—either no scanners were configured or all scanners failed to execute. As a result, when the scanning system failed under heavy load, the platform misinterpreted this as “nothing to scan,” allowing potentially malicious extensions to pass verification and go live.
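To make the logic error concrete, the following Python is an added illustration, not Open VSX's own code: a publish gate that collapses "no scanners configured" and "all scanners failed" into one boolean, beside a fail-closed version that keeps the outcomes separate. The scanner names and the ScanStatus/Verdict types are assumptions made for the example.

```python
from dataclasses import dataclass
from enum import Enum


class ScanStatus(Enum):
    CLEAN = "clean"
    MALICIOUS = "malicious"
    ERROR = "error"  # scanner did not complete (timeout, crash, overload)


class Verdict(Enum):
    PUBLISH = "publish"
    QUARANTINE = "quarantine"  # hold for manual review


@dataclass(frozen=True)
class ScanResult:
    scanner: str
    status: ScanStatus


def verdict_vulnerable(results: list[ScanResult]) -> Verdict:
    """Fail-open gate modelled on the flaw described above.
    `scanned` is False both when no scanner is configured (empty list) and
    when every configured scanner errored out, so a total scanner outage
    is treated as "nothing to scan" and the extension is published.
    """
    completed = [r for r in results if r.status is not ScanStatus.ERROR]
    scanned = bool(completed)
    if not scanned:
        return Verdict.PUBLISH
    if any(r.status is ScanStatus.MALICIOUS for r in completed):
        return Verdict.QUARANTINE
    return Verdict.PUBLISH


def verdict_fail_closed(results: list[ScanResult]) -> Verdict:
    """Hardened gate: publish only if at least one scanner is configured
    and every configured scanner completed with CLEAN; missing scanners,
    errors and malicious findings all route to quarantine."""
    if not results:
        return Verdict.QUARANTINE  # misconfiguration is not a clean result
    if all(r.status is ScanStatus.CLEAN for r in results):
        return Verdict.PUBLISH
    return Verdict.QUARANTINE


# Constructed sample: three scanners that all timed out under load.
OUTAGE = [ScanResult(s, ScanStatus.ERROR) for s in ("av", "yara", "static")]
```

With `OUTAGE` the vulnerable gate returns `PUBLISH` while the fail-closed gate returns `QUARANTINE`; the difference is the whole bug.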
Open VSX, maintained by the Eclipse Foundation, serves as an extension marketplace not only for Visual Studio Code but also for its forks such as Cursor and Windsurf. The platform had recently implemented mandatory pre-publish scanning to curb the growing threat of malicious extensions, with failed scans intended to trigger quarantine for manual review. However, due to this flaw, the safeguard could be bypassed entirely.
Researchers noted that attackers did not require special privileges to exploit the issue. By overwhelming the system and causing scan failures, even users with basic publisher accounts could potentially upload harmful extensions that would be automatically approved and distributed to developers.
The vulnerability was responsibly disclosed in February 2026 and fixed within a few days. Despite the quick remediation, the incident highlights ongoing concerns around software supply chain security, especially as development environments increasingly rely on third-party extensions that can serve as entry points for large-scale attacks.
