thehackernews.com 3/27/2026, 3:00:04 PM · via preferred

Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks

Primary source: koi.ai

Open VSX disclosed a bug in its pre-publish scanning pipeline that could let a malicious VS Code extension pass vetting and go live in the registry. The issue boiled down to a single boolean return value that could mean either "no scanners configured" or "all scanners failed to run," so the caller could not distinguish a clean result from a failed scan, according to Koi Security.

The vulnerability, codenamed Open Sesame, was patched in Open VSX version 0.32.0 last month after responsible disclosure on 8 February 2026. The Eclipse Foundation, which maintains Open VSX, described the vulnerability as allowing a malicious actor with a free publisher account to trigger the weakness and publish an extension by exploiting the flawed pre-publish logic.

Open VSX also serves as the extension marketplace for Cursor, Windsurf, and other VS Code forks, with quarantining applied to extensions that fail pre-publish scanning pending admin review. The fix aims to prevent such rogue extensions from slipping through the process in future, though the report cautions that fail-open patterns can undermine similar pipelines.
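The fail-open pattern described above, as an added illustration that is not Open VSX's own code: a simplified Python model of a scan pipeline whose single boolean conflates "no scanners configured" and "every scanner failed" with "clean", beside a fail-closed version that quarantines anything short of a positive clean verdict from every scanner. The scanner functions, sample packages and the marker string are constructed for the example.

```python
from enum import Enum
from typing import Callable

# A scanner inspects a package and returns True if it is malicious.
# It may raise if it cannot run (tool crashed, backend unreachable, ...).
Scanner = Callable[[dict], bool]


# --- Flawed shape: one boolean carries every outcome.
def flagged_fail_open(scanners: list[Scanner], package: dict) -> bool:
    """True only if some scanner positively flags the package.
    An empty scanner list and a list of scanners that all raise both
    collapse to False, indistinguishable from 'scanned and clean'."""
    for scan in scanners:
        try:
            if scan(package):
                return True
        except Exception:
            continue  # error swallowed: this scanner's verdict is silently lost
    return False


def publish_fail_open(scanners: list[Scanner], package: dict) -> str:
    return "quarantined" if flagged_fail_open(scanners, package) else "published"


# --- Hardened shape: distinct outcomes, publish only on an explicit CLEAN.
class Verdict(Enum):
    CLEAN = "clean"              # every configured scanner ran and none flagged
    MALICIOUS = "malicious"      # at least one scanner flagged the package
    SCAN_FAILED = "scan_failed"  # at least one scanner could not run
    NO_SCANNERS = "no_scanners"  # pipeline misconfigured: nothing to run


def scan_fail_closed(scanners: list[Scanner], package: dict) -> Verdict:
    if not scanners:
        return Verdict.NO_SCANNERS
    completed = 0
    for scan in scanners:
        try:
            if scan(package):
                return Verdict.MALICIOUS
            completed += 1
        except Exception:
            pass  # counted as not completed; handled below, never as clean
    return Verdict.CLEAN if completed == len(scanners) else Verdict.SCAN_FAILED


def publish_fail_closed(scanners: list[Scanner], package: dict) -> str:
    # SCAN_FAILED and NO_SCANNERS land in quarantine for admin review, not live.
    return "published" if scan_fail_closed(scanners, package) is Verdict.CLEAN else "quarantined"


# Constructed sample scanners and packages (not real scanners or extensions).
def marker_scanner(package: dict) -> bool:
    return "MALWARE_TEST_MARKER" in package["source"]

def broken_scanner(package: dict) -> bool:
    raise RuntimeError("scanner unavailable")

BENIGN = {"name": "hello", "source": "console.log('hi')"}
SUSPICIOUS = {"name": "bad", "source": "/* MALWARE_TEST_MARKER */"}
```

With no scanners or only a crashing scanner, the flawed version publishes the suspicious package; the hardened version quarantines it and only publishes a package every scanner actually cleared.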


Article by CyberSIXT