Cybersecurity researchers have disclosed details of a now-patched bug in Open VSX's pre-publish scanning pipeline that could trick the software into allowing a malicious Microsoft Visual Studio Code (VS Code) extension to pass the vetting process and go live in the registry.
"The pipeline had a single boolean return value that meant both 'no scanners are configured' and 'all scanners failed to run,'" Koi Security researcher Oran Simhony said in a report shared with The Hacker News. "The caller couldn't tell the difference. So when scanners failed under load, Open VSX treated it as 'nothing to scan for' and waved the extension right through."
Early last month, the Eclipse Foundation, which maintains Open VSX, announced plans to implement pre-publish security checks before VS Code extensions are published to the repository, in an attempt to tackle the growing problem of malicious extensions.
With Open VSX also serving as the extension marketplace for Cursor, Windsurf, and other VS Code forks, the move was seen as a proactive approach to prevent rogue extensions from getting published in the first place. As part of pre-publish scanning, extensions that fail the process are quarantined for admin review.
The vulnerability discovered by Koi, codenamed Open Sesame, has to do with how this Java-based service reports the scan results. Specifically, it is rooted in the fact that the service misinterprets scanner job failures as "no scanners are configured," causing an extension to be marked as passed, and then immediately activated and made available for download from Open VSX.

At the same time, the same return value can also describe a scenario where the scanners exist, but the scanner jobs have failed and cannot be enqueued because the database connection pool is exhausted. Even more troublingly, a recovery service designed to retry failed scans suffered from the same problem, thereby allowing extensions to skip the entire scanning process under certain circumstances.
An attacker can take advantage of this weakness to flood the publish endpoint with multiple malicious .VSIX extensions, causing the concurrent load to exhaust the database connection pool. This, in turn, leads to a situation where scan jobs fail to enqueue.
What's notable about the attack is that it doesn't require any special privileges. A malicious actor with a free publisher account could have reliably triggered this vulnerability to undermine the scanning process and get their extension published. The issue was addressed in Open VSX version 0.32.0 last month following responsible disclosure on February 8, 2026.
"Pre-publish scanning is an important layer, but it's one layer," Koi said. "The pipeline's design is sound, but a single boolean that couldn't distinguish between 'nothing to do' and 'something went wrong' turned the entire infrastructure into a gate that opened under pressure."
"This is a common anti-pattern: fail-open error handling hiding behind a code path designed for a legitimate 'nothing to do' case. If you're building similar pipelines, make failure states explicit. Never let 'no work needed' and 'work failed' share a return value."
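To make the anti-pattern concrete, here is an added Java sketch (written for this article, not Open VSX's own code) that contrasts a fail-open boolean verdict with an explicit result type; the `ScannerJob` interface, the `Outcome` enum and the simulated pool-exhaustion exception are assumptions for illustration.

```java
import java.util.List;

public class ScanGate {
    // Hypothetical scanner job: true if the extension is clean; throws if it could not
    // run at all (standing in for "could not be enqueued: connection pool exhausted").
    interface ScannerJob { boolean isClean(byte[] vsix) throws Exception; }

    // Anti-pattern: one boolean covers both "nothing to scan for" and "every scanner failed".
    // Failed jobs are silently skipped, so zero findings looks identical to zero scanners.
    static boolean passesFailOpen(List<ScannerJob> jobs, byte[] vsix) {
        boolean anyFinding = false;
        for (ScannerJob job : jobs) {
            try {
                if (!job.isClean(vsix)) anyFinding = true;
            } catch (Exception e) {
                // swallowed: the caller never learns that the scanner did not run
            }
        }
        return !anyFinding; // true for "no scanners" AND for "all scanners failed"
    }

    // Explicit states: the caller can, and must, tell "no work" from "work failed".
    enum Outcome { PASSED, FLAGGED, NO_SCANNERS_CONFIGURED, SCAN_FAILED }

    static Outcome scanExplicit(List<ScannerJob> jobs, byte[] vsix) {
        if (jobs.isEmpty()) return Outcome.NO_SCANNERS_CONFIGURED;
        for (ScannerJob job : jobs) {
            try {
                if (!job.isClean(vsix)) return Outcome.FLAGGED;
            } catch (Exception e) {
                return Outcome.SCAN_FAILED; // fail closed: a scanner that did not run is not a pass
            }
        }
        return Outcome.PASSED;
    }

    // Publishing policy: only an actual PASSED verdict publishes. SCAN_FAILED belongs
    // in the retry queue, FLAGGED and NO_SCANNERS_CONFIGURED in admin quarantine.
    static boolean shouldPublish(Outcome o) { return o == Outcome.PASSED; }

    public static void main(String[] args) {
        byte[] vsix = new byte[] {0x50, 0x4b}; // constructed stand-in for an uploaded .vsix
        ScannerJob exhausted = v -> { throw new IllegalStateException("connection pool exhausted"); };
        List<ScannerJob> underLoad = List.of(exhausted, exhausted);

        System.out.println("fail-open verdict under load: " + passesFailOpen(underLoad, vsix));
        Outcome o = scanExplicit(underLoad, vsix);
        System.out.println("explicit verdict under load: " + o + ", publish=" + shouldPublish(o));
    }
}
```

Under simulated load the fail-open version returns `true` and would publish, while the explicit version returns `SCAN_FAILED` and holds the extension back.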