Cursor, Windsurf and Open VSX: Open VSX Vulnerability lets malicious extension go live

Open VSX Marketplace Vulnerability Allowed Malicious Extensions to Bypass Security Scans

A critical vulnerability in the Open VSX extension marketplace’s pre-publish scanning pipeline, dubbed "Open Sesame," allowed malicious extensions to bypass security checks and be published as "PASSED." The flaw was responsibly disclosed on February 8 and patched by February 11, demonstrating both the severity of the issue and the Open VSX team’s rapid response.

Open VSX, used by platforms like Cursor and Windsurf as an alternative to Microsoft’s VS Code extension registry, introduced the scanning pipeline to detect malware, embedded secrets, suspicious binaries, and name-squatting attempts. The system required extensions to pass both synchronous and asynchronous scans before activation; if a scan failed, the extension was quarantined.

However, a logic flaw in the scanning service’s boolean return value created a "fail-open" scenario. The system could not distinguish between no scanners configured (a valid case) and all scanner jobs failing (an error condition). Under heavy load, scan jobs would fail silently, and the system would interpret the ambiguous return value as "nothing to scan," automatically approving the extension.

Exploiting the vulnerability required no special privileges: any user with a free publisher account could trigger it by flooding the publish API with malicious extensions. Each upload would exhaust shared database resources, causing scan jobs to fail without being registered. The system then treated the failure as a successful scan, publishing the extension as verified.

The impact was significant: malicious extensions could appear legitimate, posing a supply chain risk to developers. The Open VSX team addressed the issue by removing the ambiguous boolean logic and ensuring explicit failure handling, preventing automatic approvals when scans fail.

This incident underscores the dangers of fail-open design in security systems, where ambiguous error handling can collapse critical safeguards under stress. The fix reinforces the principle that security-sensitive workflows should default to denial, not approval, when failures occur.
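The ambiguity described above, as an added example that is not Open VSX project code: a decision function that collapses "no scanners configured" and "every scan job was lost" into one boolean, beside a fail-secure version that counts results against the number of configured scanners and makes the error path explicit. The scanners, the job runner and the DbExhausted error are constructed for illustration.

```python
from enum import Enum

class Verdict(Enum):
    PASSED = "PASSED"   # every configured scanner ran and reported clean
    FAILED = "FAILED"   # at least one scanner flagged the extension
    ERROR = "ERROR"     # a scan job never produced a result: quarantine, do not publish

class DbExhausted(Exception):
    """Constructed stand-in for the shared-database errors seen under load."""

def run_scan_jobs(scanners, artifact, db_healthy=True):
    """Run each scanner as a job. A job that cannot be registered because the
    database is exhausted is lost silently, the behaviour the article describes."""
    results = []
    for scan in scanners:
        try:
            if not db_healthy:
                raise DbExhausted("could not register scan job")
            results.append(scan(artifact))
        except DbExhausted:
            pass  # nothing is recorded for this scanner
    return results

def decide_fail_open(results):
    """Vulnerable shape: one boolean decides. all([]) is True, so 'no scanners
    configured' and 'every job was lost' both come out as PASSED."""
    return Verdict.PASSED if all(results) else Verdict.FAILED

def decide_fail_secure(results, configured):
    """Fixed shape: compare results against the number of configured scanners and
    make the error path explicit. Only configured == 0 may pass with no data."""
    if len(results) < configured:
        return Verdict.ERROR
    if not all(results):
        return Verdict.FAILED
    return Verdict.PASSED

# Constructed scanners: one looks for an embedded secret, one for a PE binary header.
SCANNERS = [
    lambda blob: b"SECRET_TOKEN=" not in blob,
    lambda blob: not blob.startswith(b"MZ"),
]
MALICIOUS = b"MZ\x90\x00 constructed payload SECRET_TOKEN=abc123"

if __name__ == "__main__":
    lost = run_scan_jobs(SCANNERS, MALICIOUS, db_healthy=False)  # under load: jobs dropped
    print("fail-open  :", decide_fail_open(lost).value)                   # PASSED (the bug)
    print("fail-secure:", decide_fail_secure(lost, len(SCANNERS)).value)  # ERROR
```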

Source: https://cyberpress.org/open-vsx-vulnerability/

Anysphere cybersecurity rating report: https://www.rankiteo.com/company/anysphereinc

OpenJS Foundation cybersecurity rating report: https://www.rankiteo.com/company/openjs-foundation

Codeium cybersecurity rating report: https://www.rankiteo.com/company/windsurf123321

{
  "id": "ANYOPEWIN1774686278",
  "linkid": "anysphereinc, openjs-foundation, windsurf123321",
  "type": "Vulnerability",
  "date": "2/2026",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}

{
  "affected_entities": [
    {
      "name": "Open VSX Marketplace",
      "type": "Software Marketplace",
      "industry": "Technology/Software Development",
      "customers_affected": "Developers using Open VSX extensions (e.g., Cursor, Windsurf users)"
    }
  ],
  "attack_vector": "Exploitation of logic flaw in pre-publish scanning pipeline",
  "date_detected": "2024-02-08",
  "date_resolved": "2024-02-11",
  "description": "A critical vulnerability in the Open VSX extension marketplace’s pre-publish scanning pipeline, dubbed 'Open Sesame,' allowed malicious extensions to bypass security checks and be published as 'PASSED.' The flaw was a logic error in the scanning service’s boolean return value, creating a 'fail-open' scenario where scan failures were interpreted as 'nothing to scan,' leading to automatic approval of malicious extensions.",
  "impact": {
    "brand_reputation_impact": "Potential erosion of trust in Open VSX marketplace security",
    "operational_impact": "Malicious extensions could be published as 'PASSED,' bypassing security checks",
    "systems_affected": "Open VSX extension marketplace, downstream platforms (e.g., Cursor, Windsurf)"
  },
  "investigation_status": "Resolved",
  "lessons_learned": "Fail-open designs in security systems can collapse critical safeguards under stress. Security-sensitive workflows should default to denial, not approval, when failures occur.",
  "post_incident_analysis": {
    "corrective_actions": "Removed ambiguous boolean logic, enforced explicit failure handling, and implemented fail-secure defaults",
    "root_causes": "Logic flaw in scanning service’s boolean return value, ambiguous error handling, and lack of explicit failure conditions under load"
  },
  "recommendations": "Implement fail-secure mechanisms in security pipelines, enforce explicit error handling, and conduct stress testing to identify ambiguous failure conditions.",
  "references": [
    {"source": "Responsible Disclosure"}
  ],
  "response": {
    "containment_measures": "Patch applied to remove ambiguous boolean logic and enforce explicit failure handling",
    "remediation_measures": "Fixed scanning pipeline to prevent automatic approvals when scans fail; ensured fail-secure behavior"
  },
  "title": "Open VSX Marketplace Vulnerability Allowed Malicious Extensions to Bypass Security Scans",
  "type": "Supply Chain Attack",
  "vulnerability_exploited": "Fail-open design in security scanning system (CWE-636: Not Failing Securely)"
}