Cybersecurity researchers have disclosed a critical bug in Open VSX that allowed malicious Visual Studio Code (VS Code) extensions to bypass pre-publish security scans and appear in the registry as legitimate extensions. The flaw, now patched, highlights the risks in automated extension vetting pipelines.
Vulnerability Overview
The bug, dubbed Open Sesame by researchers at Koi Security, stemmed from how Open VSX’s Java-based pre-publish scanning service interpreted scan results. A single boolean return value caused the system to misread scanner failures as “no scanners configured”, allowing extensions to pass the vetting process and go live.
“The pipeline had a single boolean return value that meant both ‘no scanners are configured’ and ‘all scanners failed to run,’” said Oran Simhony from Koi Security. “Under load, Open VSX treated scanner failures as if nothing needed scanning and approved the extensions.”
The vulnerability could be triggered by any registered publisher account. By flooding the publish endpoint with multiple malicious .VSIX packages, an attacker could exhaust database connections, causing scan jobs to fail and the extensions to bypass security checks entirely.
Impact and Risk
Open VSX serves not only as a VS Code extension repository but also as the marketplace for Cursor, Windsurf, and other VS Code forks. Extensions published via this platform gain immediate availability to thousands of users.
While no exploitation in the wild has been publicly reported, the flaw allowed pre-publish security to fail silently, effectively opening the gate for rogue extensions to propagate undetected.
Patch and Mitigation
The Eclipse Foundation, which maintains Open VSX, released a fix in version 0.32.0 after the issue was responsibly disclosed on February 8, 2026. Users and extension maintainers are strongly encouraged to:
- Upgrade to Open VSX 0.32.0 or later.
- Review recently published extensions for unusual behavior or unauthorized code.
- Implement additional runtime security checks for extension code before deployment.
Security Takeaways
Researchers emphasized that this bug is an example of a fail-open anti-pattern, where a system unintentionally grants access when errors occur.
“Fail-open error handling hiding behind a legitimate ‘nothing to do’ path is dangerous. Make failure states explicit. Never let ‘no work needed’ and ‘work failed’ share a return value,” said Simhony.
The incident underscores the importance of robust pre-publish scanning, failure handling, and continuous monitoring to secure extension ecosystems and downstream users.
