Exploitation Summary
EIP tracks 1 public exploit for CVE-2021-43891. PoCs published by parsiya.
AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2021-43907, a remote code execution vulnerability in Visual Studio Code's Remote WSL extension. The exploit leverages a Node.js server to interact with the VS Code Debug Adapter (VSDA) and execute arbitrary commands.
Description
Visual Studio Code Remote Code Execution Vulnerability
Exploits (1)
nomisec
WORKING POC
3 stars
by parsiya · poc
https://github.com/parsiya/code-wsl-rce
This repository contains a proof-of-concept exploit for CVE-2021-43907, a remote code execution vulnerability in Visual Studio Code's Remote WSL extension. The exploit leverages a Node.js server to interact with the VS Code Debug Adapter (VSDA) and execute arbitrary commands.
Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target:
Visual Studio Code Remote WSL extension
No auth needed
Prerequisites:
Access to the target's WSL environment · VS Code with Remote WSL extension installed
mistral-large-3 · analyzed Feb 16, 2026
Full analysis →
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43891
Scores
CVSS v3
7.8
EPSS
0.1173
EPSS Percentile
95.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
Status
published
Products (1)
microsoft/visual_studio_code
< 1.63.2
Published
Dec 15, 2021
Tracked Since
Feb 18, 2026