VS Code Security Flaw: Terminal Auto-Replies Could Execute Code Across Workspaces
A critical vulnerability in Microsoft's Visual Studio Code (VS Code) editor allowed commands to be automatically and repeatedly executed across different workspaces, effectively enabling cross-workspace code execution. The flaw, present in VS Code version 1.109 and earlier, resided in the `terminal.integrated.autoReplies` configuration setting. This feature, designed to automate terminal responses, could be exploited to trigger commands in previously trusted folders. Crucially, the malicious behavior would persist as a user navigated between different project folders within the same application window, only ceasing when a completely new, fresh window was opened.
The vulnerability, tracked as CVE-2026-21523, has been patched in VS Code version 1.109.1. The fix involved marking the `terminal.integrated.autoReplies` setting as `restricted: true`, which prevents the dangerous persistence of auto-replies across folder boundaries. Microsoft has published a security advisory (GHSA-3pwg-f3hj-wp8p) detailing the issue. Until users can update, the recommended workaround is to avoid reusing a single VS Code window to open multiple folders, especially those with automatic tasks, and instead open a new window for each distinct workspace.
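As an added example (not from the article, Microsoft, or the VS Code project), the following Python script is one way a defender could audit cloned repositories before opening them in a not-yet-updated VS Code: it walks a directory tree, finds `terminal.integrated.autoReplies` entries in `.vscode/settings.json` and `*.code-workspace` files, and labels each reply by whether it would merely type text or also submit it. It assumes the standard workspace-settings locations, that VS Code settings files may contain `//` and `/* */` comments, and that a carriage return or newline in a reply submits the preceding text as a command line; the sample settings files it creates in a temporary directory are constructed for the demonstration.

```python
import json
import re
import tempfile
from pathlib import Path

SETTING = "terminal.integrated.autoReplies"

# Constructed sample: a repository's .vscode/settings.json with a comment
# and two auto-replies (one types a key, one also presses Enter).
SAMPLE_SETTINGS = """{
  // constructed sample settings for the audit demo
  "terminal.integrated.autoReplies": {
    "Terminate batch job (Y/N)? ": "Y\\r",
    "Continue? [y/N]": "y"
  }
}
"""

# Constructed sample: a .code-workspace file, which nests settings under "settings".
SAMPLE_WORKSPACE = """{
  "folders": [{ "path": "." }],
  "settings": {
    "terminal.integrated.autoReplies": {
      "Press any key to continue": "\\r"
    }
  }
}
"""


def _strip_jsonc(text: str) -> str:
    """Remove /* */ block comments and full-line // comments so the stdlib
    json module can parse VS Code's JSON-with-comments. Simplified on
    purpose: trailing // comments and trailing commas are not handled."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"^\s*//.*$", "", text, flags=re.M)


def load_settings(path: Path) -> dict:
    """Return the settings object from a settings.json or .code-workspace file."""
    data = json.loads(_strip_jsonc(path.read_text(encoding="utf-8")))
    if path.suffix == ".code-workspace":
        data = data.get("settings", {})
    return data if isinstance(data, dict) else {}


def classify_reply(reply) -> str:
    """Label one auto-reply value. Assumption: a '\\r' or '\\n' in the reply
    submits it to the shell, so such entries deserve the closest review."""
    if not isinstance(reply, str):
        return "non-string"
    if "\r" in reply or "\n" in reply:
        return "submits-input"
    return "types-only"


def audit_workspace(root: Path) -> list:
    """Collect every auto-reply configured anywhere under `root`."""
    candidates = [p for p in root.rglob("settings.json") if p.parent.name == ".vscode"]
    candidates += list(root.rglob("*.code-workspace"))
    findings = []
    for path in candidates:
        try:
            replies = load_settings(path).get(SETTING)
        except (json.JSONDecodeError, OSError):
            continue  # unreadable or malformed files are skipped, not flagged
        if not isinstance(replies, dict):
            continue
        for prompt, reply in replies.items():
            findings.append({
                "file": path.relative_to(root).as_posix(),
                "prompt": prompt,
                "reply": reply,
                "risk": classify_reply(reply),
            })
    return sorted(findings, key=lambda f: (f["file"], f["prompt"]))


def build_sample_workspace(base: Path) -> Path:
    """Write the constructed sample files into a fake cloned repository."""
    ws = base / "cloned-repo"
    (ws / ".vscode").mkdir(parents=True)
    (ws / ".vscode" / "settings.json").write_text(SAMPLE_SETTINGS, encoding="utf-8")
    (ws / "project.code-workspace").write_text(SAMPLE_WORKSPACE, encoding="utf-8")
    return ws


def run_demo() -> list:
    """Build the sample repository in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_workspace(build_sample_workspace(Path(tmp)))


if __name__ == "__main__":
    for finding in run_demo():
        print(f"{finding['risk']:14} {finding['file']}  {finding['prompt']!r} -> {finding['reply']!r}")
```

Run it against a real checkout by calling `audit_workspace(Path("/path/to/repo"))` instead of `run_demo()`. Any entry it reports is worth reading before the folder is trusted in an affected version, since the article's point is that such a reply stayed active after switching to other folders in the same window; the `submits-input` label only prioritises entries that can complete a command on their own.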
This flaw represents a significant security risk for developers, particularly in environments where VS Code is used to switch between projects of varying trust levels. The persistence of the auto-reply behavior could lead to unintended code execution in a context where a developer believes they are in a safe, isolated workspace. The patch underscores the ongoing challenge of securing complex, extensible developer tools where configuration settings can have unforeseen and far-reaching security consequences.