CVE-2026-46508 Overview
CVE-2026-46508 is a command injection vulnerability in the Turborepo Language Server Protocol (LSP) VS Code extension. The extension executed shell commands built through string concatenation using values controlled by the workspace. A malicious repository could supply crafted task names or workspace settings that the extension interpolated into shell commands. When a developer opened the workspace or ran a task, the shell interpreted those values, executing arbitrary commands with the privileges of the local VS Code process. Vercel fixed the issue in Turborepo 2.9.14000.
Critical Impact
Opening a malicious repository in VS Code with the Turborepo LSP extension installed can result in arbitrary command execution under the developer's user account.
Affected Products
- Vercel Turborepo Language Server Protocol extension for Visual Studio Code
- All versions prior to 2.9.14000
- Developer workstations with the Turborepo LSP extension installed and active
Discovery Timeline
- 2026-05-15 - CVE-2026-46508 published to NVD
- 2026-05-19 - Last updated in NVD database
Technical Details for CVE-2026-46508
Vulnerability Analysis
The Turborepo LSP VS Code extension built shell command strings for daemon operations and task execution by concatenating workspace-controlled inputs. Task names defined in turbo.json and values pulled from workspace settings were inserted directly into command strings. The extension then passed these strings to a shell interpreter rather than executing them through an argument array. The vulnerability is classified as Improper Neutralization of Special Elements used in a Command [CWE-77].
Exploitation requires a developer to open a malicious repository while the extension is active or to run a task through the extension. No authentication is required, but user interaction is necessary to load the repository. The attack vector is local because the attacker must deliver the crafted workspace to the victim.
Root Cause
The extension used string-based command execution instead of safer APIs that pass arguments as discrete parameters. Shell metacharacters such as ;, &&, |, and backticks inside attacker-controlled task names were treated as command separators. Because the extension did not validate or escape these inputs, repository content effectively controlled the command line passed to the shell.
Attack Vector
An attacker publishes a repository containing a turbo.json task name or a .vscode/settings.json value that includes shell metacharacters and embedded payloads. When a victim clones and opens the repository in VS Code, the Turborepo LSP extension activates and processes the workspace. Activation or task invocation triggers shell execution of the attacker-supplied payload. Commands run with the same privileges as the VS Code process, providing full access to the developer's files, SSH keys, and source code.
No verified proof-of-concept code is publicly available. Refer to the GitHub Security Advisory GHSA-5xc8-49mv-x4mm for vendor-supplied technical details.
Detection Methods for CVE-2026-46508
Indicators of Compromise
- Unexpected child processes spawned by the VS Code or Turborepo LSP process, such as sh, bash, cmd.exe, or powershell.exe running unfamiliar command lines
- Outbound network connections from developer workstations shortly after opening a new repository
- Modifications to shell profile files (~/.bashrc, ~/.zshrc, ~/.profile) or scheduled tasks created during VS Code sessions
- Reads of sensitive files such as ~/.ssh/id_rsa, browser credential stores, or cloud provider credential files by VS Code child processes
Detection Strategies
- Inventory VS Code installations across developer endpoints and identify versions of the Turborepo LSP extension older than 2.9.14000
- Monitor for shell metacharacters appearing in turbo.json task names within repositories under development
- Alert on process trees where the VS Code extension host spawns shells that subsequently launch reconnaissance or exfiltration utilities such as curl, wget, or nc
Monitoring Recommendations
- Capture EDR telemetry on the VS Code process and its descendants, focusing on command-line arguments containing shell control characters
- Track file access events targeting credential stores from any process descended from VS Code
- Audit repository clone events on developer machines and correlate them with subsequent anomalous process activity
How to Mitigate CVE-2026-46508
Immediate Actions Required
- Update the Turborepo LSP VS Code extension to version 2.9.14000 or later on all developer workstations
- Disable or uninstall the extension until the update can be deployed if exposure to untrusted repositories is likely
- Avoid opening untrusted repositories in VS Code, and use Workspace Trust to restrict extension activation for unknown sources
Patch Information
Vercel released a fix in Turborepo 2.9.14000. The patch replaces string-based shell execution with safer command invocation that passes arguments as discrete parameters rather than interpolating them into a shell command line. Details are published in the Vercel Turborepo Security Advisory GHSA-5xc8-49mv-x4mm.
Workarounds
- Enable VS Code Workspace Trust and only grant trust to repositories from verified sources
- Review turbo.json and .vscode/settings.json for unexpected shell metacharacters before opening a repository
- Run VS Code under a least-privilege user account or inside a development container to limit blast radius
# Verify and update the Turborepo LSP extension version
code --list-extensions --show-versions | grep -i turbo
code --install-extension Vercel.turbo-vsc --force
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.