CVE-2026-25931 | streetsidesoftware vscode-spell-checker up to 4.5.3 package.json cSpell.trustedWorkspace default permission (GHSA-mggq-68mr-58vj)

Inserito da Angelo Barbosa | Feb 10, 2026 | CVE

A vulnerability was found in streetsidesoftware vscode-spell-checker up to 4.5.3 and classified as critical. This vulnerability affects unknown code of the file package.json. Such manipulation of the argument cSpell.trustedWorkspace leads to incorrect default permissions.

This vulnerability is uniquely identified as CVE-2026-25931. Local access is required to approach this attack. No exploit exists.

It is suggested to upgrade the affected component.

CVE-2026-25931 | streetsidesoftware vscode-spell-checker up to 4.5.3 package.json cSpell.trustedWorkspace default permission (GHSA-mggq-68mr-58vj)

Post correlati

CVE-2024-38221 | Microsoft Edge up to 128.0.2739.42 cross site scripting

CVE-2024-0155 | Dell Digital Delivery prior 5.0.86.0 use after free (dsa-2024-033)

CVE-2024-4710 | Uber Menu Plugin up to 3.8.2 on WordPress Shortcode cross site scripting

CVE-2024-51897 | Erik Saulnier News Articles Plugin up to 1.0.0 on WordPress cross site scripting