
Cybersecurity researchers have detailed a now-patched bug in Open VSX’s pre-publication scanning pipeline that could be used to bypass the review process and publish malicious Microsoft Visual Studio Code (VS Code) extensions to the registry.
“The pipeline had a single Boolean return value that meant both ‘no scanners configured’ and ‘all scanners failed to run,’” Koi Security researcher Oran Simhony said in a report shared with The Hacker News. “The caller couldn’t tell the difference, so when the scanner failed under load, Open VSX treated it as ‘nothing to scan’ and just passed on the extension.”
Early last month, the Eclipse Foundation, which manages Open VSX, announced plans to enforce pre-publication security checks before VS Code extensions are published to the registry, in order to address the growing problem of malicious extensions.
Since Open VSX also serves as an extension marketplace for Cursor, Windsurf, and other VS Code forks, this move was seen as a proactive approach to prevent unauthorized extensions from being published in the first place. As part of pre-publication scanning, extensions that fail the process are quarantined for administrator review.
The vulnerability discovered by Koi, codenamed Open Sesame, concerns the way this Java-based service reports scan results. Specifically, the service interprets a failed scanner job as though no scanner were configured, so the extension is marked as passed and is immediately activated and made available for download from Open VSX.

The same behavior occurs when a scanner is configured but the scan job fails and cannot be queued because the database connection pool is exhausted. Even more troubling, the same flaw affected the recovery services designed to retry failed scans, allowing an extension to skip the entire scanning process under certain conditions.
An attacker could exploit this vulnerability by flooding a public endpoint with several malicious .VSIX extensions, starving the database connection pool under concurrent load so that scan jobs can no longer be queued.
What’s notable about this attack is that it does not require any special privileges. An attacker with a free publisher account could reliably trigger this vulnerability to defeat the scanning process and publish extensions. The issue was resolved in Open VSX version 0.32.0 last month, following responsible disclosure on February 8, 2026.
“Pre-publication scanning is an important layer, but it’s one layer,” Koi said. “While the pipeline design is sound, a single Boolean value that cannot distinguish between ‘do nothing’ and ‘something went wrong’ has turned the entire infrastructure into a gate that opens under pressure.”
“This is a common anti-pattern: fail-open error handling hidden behind a code path designed for legitimate ‘do nothing’ cases. If you’re building similar pipelines, make failure conditions explicit. Avoid ‘no work required’ and ‘work failed’ sharing return values.”
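The anti-pattern described above, as an added illustration in Python (not Open VSX’s code and not from Koi’s report): a simulated connection pool, a dispatch function whose single Boolean collapses “no scanners configured” and “scan could not be queued” into the same value, and a hardened version whose explicit outcome fails closed. The pool, the function names and the capacity of 2 are constructed assumptions.

```python
from enum import Enum, auto
class PoolExhausted(Exception):
    """Simulated 'connection pool exhausted' error (constructed for this example)."""

class ConnectionPool:
    """Stand-in for the DB pool backing the scan-job queue; constructed, not Open VSX's code."""
    def __init__(self, capacity: int):
        self.free = capacity
    def enqueue_scan_job(self, extension: str) -> None:
        if self.free == 0:
            raise PoolExhausted(f"cannot queue scan job for {extension}")
        self.free -= 1
# Vulnerable shape: one Boolean means both 'no scanners configured' and 'could not queue the scan'.
def try_scan_legacy(extension: str, scanners: tuple, pool: ConnectionPool) -> bool:
    if not scanners:
        return False                      # legitimate: nothing to scan
    try:
        pool.enqueue_scan_job(extension)
    except PoolExhausted:
        return False                      # failure collapses into the same value
    return True

def decide_legacy(extension: str, scanners: tuple, pool: ConnectionPool) -> str:
    # The caller cannot tell the two False cases apart, so a failed queue publishes immediately.
    return "pending-scan" if try_scan_legacy(extension, scanners, pool) else "published"
# Hardened shape: the three outcomes are distinct values, and failure is handled closed.
class ScanDispatch(Enum):
    NOT_CONFIGURED = auto()
    QUEUED = auto()
    FAILED = auto()

def try_scan_explicit(extension: str, scanners: tuple, pool: ConnectionPool) -> ScanDispatch:
    if not scanners:
        return ScanDispatch.NOT_CONFIGURED
    try:
        pool.enqueue_scan_job(extension)
    except PoolExhausted:
        return ScanDispatch.FAILED
    return ScanDispatch.QUEUED
def decide_explicit(extension: str, scanners: tuple, pool: ConnectionPool) -> str:
    outcome = try_scan_explicit(extension, scanners, pool)
    if outcome is ScanDispatch.NOT_CONFIGURED:
        return "published"                # the only case where 'do nothing' is correct
    if outcome is ScanDispatch.QUEUED:
        return "pending-scan"
    return "quarantined"                  # FAILED: hold for admin review or retry

def simulate(decide, uploads: int, pool_capacity: int = 2, scanners: tuple = ("scanner",)) -> list:
    pool = ConnectionPool(pool_capacity)  # one pool shared by a burst of concurrent uploads
    return [decide(f"ext-{i}", scanners, pool) for i in range(uploads)]
```

With a pool that can queue only two jobs, the third and fourth uploads in a burst are published unscanned by the legacy decision and quarantined by the explicit one; with no scanners configured, both correctly publish.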
