CVE-2026-57102 is a Visual Studio Code security feature bypass vulnerability, described as an inclusion of functionality from an untrusted control sphere. Microsoft rates it with a CVSS v3.1 base score of 8.8 (High) and temporal score of 7.7. The vector is network-based, requires low attack complexity, no privileges, and user interaction, with high confidentiality, integrity, and availability impacts. Microsoft lists exploit status as not publicly disclosed and not exploited, with exploit code maturity unproven and exploitation unlikely. Because user interaction is required, this is less severe than a no-interaction network issue, but it still presents enterprise risk where users may open untrusted content in VS Code. Highlights: - CVSS scores: Base 8.8 - Temporal 7.7 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN - Impact: Security Feature Bypass with HIGH confidentiality, HIGH integrity, and HIGH availability impacts - Exploitation likelihood: Exploitation Unlikely; network vector, LOW attack complexity, NO privileges required, and user interaction required - Severity for enterprise: High severity by CVSS, with higher relevance for environments where users regularly handle untrusted files, links, or extensions in Visual Studio Code - Patch status: available; customer action required Affected systems: - No products listed in source data