Angular Language Service extension flaws expose VS Code users to remote code execution risks
Developers using older versions of the Angular Language Service extension for Visual Studio Code should update immediately after multiple high-severity remote code execution vulnerabilities were disclosed. The flaws affect Angular.ng-template versions before 21.2.4 and can allow malicious project files or crafted comments to execute code on a developer’s machine.
The issues were published in the official GitHub security advisory for the Angular project. The advisory says the bugs create separate execution paths, including a JSDoc hover command injection issue and an insecure TypeScript SDK loading issue.
The most serious aspect is how little a victim has to do. There is no obvious executable to run: opening a malicious repository, or reviewing crafted source code in VS Code, can be enough to trigger the vulnerable paths while the affected extension is active.
What is affected
The vulnerabilities affect the Angular Language Service VS Code extension, published as Angular.ng-template. The extension helps developers work with Angular templates by adding completions, diagnostics, quick info, and navigation features.
The Visual Studio Marketplace listing describes the extension as editor tooling for Angular templates, including inline and external templates. It also notes that the extension loads TypeScript from several possible locations, including paths specified through workspace settings.
Angular patched the issue in version 21.2.4. The Angular release notes for VSCode Extension 21.2.4 list fixes that disable the language server in untrusted workspaces, restrict JSDoc markdown trust, and add confirmation before loading a workspace TypeScript SDK.
| Item | Details |
|---|---|
| Product | Angular Language Service extension for Visual Studio Code |
| Extension ID | Angular.ng-template |
| Advisory | GHSA-ccq4-xmxr-8hcq |
| Affected versions | Versions before 21.2.4 |
| Patched version | 21.2.4 |
| Severity | High, CVSS 8.7 |
Two attack paths were disclosed
The first attack path involves JSDoc hover content. The vulnerable extension trusted markdown content shown in hover tooltips, while the language server did not properly escape certain JSDoc strings before rendering them.
An attacker could place a malicious JSDoc comment in a TypeScript or JavaScript file inside a project or dependency. When a developer hovers over the affected symbol and clicks the crafted link, VS Code may execute a command URI on the host machine.
The second attack path involves workspace TypeScript SDK settings. A malicious repository can include a .vscode/settings.json file that points the extension to a local TypeScript SDK path containing a malicious tsserverlibrary.js file.
The tsdk issue can run with no clicks
The TypeScript SDK loading issue is more dangerous because it can run during workspace initialization. The vulnerable extension reads tsdk-related workspace settings and passes the path to the background language server.
During startup, the language server loads tsserverlibrary.js from the workspace-controlled path through Node.js. The GitHub security advisory says this can execute a malicious script silently when the project is opened.
This creates a serious risk for developers who clone unknown repositories, review external code, test proof-of-concept projects, or inspect dependencies locally.
| Attack path | User action needed | Risk |
|---|---|---|
| JSDoc hover command injection | Developer opens the file, hovers, and clicks the crafted link | Command execution through trusted hover markdown |
| Workspace tsdk loading | Developer opens a malicious workspace | Silent code execution during extension startup |
| Malicious dependency review | Developer inspects source files from a package | Exploit content can hide inside normal code review activity |
Why Workspace Trust matters here
Visual Studio Code’s Workspace Trust feature helps users decide whether project code can execute automatically through VS Code or installed extensions. The official VS Code Workspace Trust documentation says Restricted Mode aims to prevent automatic code execution from unfamiliar folders.
The Angular advisory says these vulnerabilities could bypass the expected protection boundaries in some cases. That is why the patched release includes changes to disable the language server in untrusted workspaces and ask before loading workspace-supplied TypeScript SDK paths.
Developers should still treat Workspace Trust as an important layer, not a complete guarantee. The safest habit is to open unfamiliar repositories in Restricted Mode first, inspect their configuration files, and update extensions before reviewing code.
- Open unknown repositories in Restricted Mode.
- Review .vscode/settings.json before trusting a workspace.
- Check for suspicious typescript.tsdk or js/ts.tsdk.path entries.
- Be careful with hover links inside unfamiliar code.
- Update Angular.ng-template to 21.2.4 or later.
- Remove or avoid unnecessary workspace TypeScript SDK overrides.
What changed in version 21.2.4
Angular’s VSCode Extension 21.2.4 release contains several security-focused changes. These include disabling the language server in untrusted workspaces, restricting markdown trust for JSDoc hover content, and prompting before loading a workspace TypeScript SDK.
The Angular release notes also list a fix for looking up the tsdk override through the newer js/ts.tsdk.path setting. These changes directly address the paths described in the advisory.
Developers should update through VS Code’s extension manager or reinstall the extension from its official marketplace page. The Visual Studio Marketplace listing remains the primary public listing for the Angular Language Service extension.
Who should be most concerned
The risk is highest for developers who regularly open third-party Angular projects, review unknown pull requests locally, test public proof-of-concept repositories, or work with dependencies from untrusted sources.
Security teams should also pay attention in enterprise environments where VS Code extensions are preinstalled across developer workstations. A vulnerable extension can turn normal source-code review into a local compromise path.
The official Angular Language Service documentation explains that the tool provides editor services for Angular templates and is maintained for VS Code by the Angular team. Because the extension sits inside the editor workflow, a security issue can affect daily development activity directly.
| Developer group | Why the risk is higher |
|---|---|
| Open-source maintainers | They often review unfamiliar repositories and pull requests |
| Security researchers | They frequently open proof-of-concept projects from unknown sources |
| Enterprise Angular teams | The same vulnerable extension may be installed across many machines |
| Package auditors | They inspect third-party code and dependencies locally |
How developers can reduce the risk
The first step is to update Angular.ng-template to version 21.2.4 or later. Developers should then restart VS Code and confirm that the version shown in the Extensions panel is 21.2.4 or later.
Teams should also review workspace settings in repositories they maintain. Avoid setting typescript.tsdk or js/ts.tsdk.path unless the project truly needs it, and document the reason when such overrides exist.
The Angular Language Service documentation says the service supports several editors and provides completions, diagnostics, quick info, and navigation. Developers should keep that tooling current because language-service extensions run close to source code and project settings.
- Open VS Code.
- Go to Extensions.
- Search for Angular Language Service.
- Update Angular.ng-template to 21.2.4 or later.
- Restart VS Code.
- Open unknown repositories in Restricted Mode before trusting them.
Enterprise response steps
Organizations should inventory installed VS Code extensions across developer devices and confirm that Angular.ng-template is updated. Teams that use managed developer environments should update base images, dev containers, and onboarding scripts.
Security teams should also search repositories for workspace settings that override TypeScript SDK paths. A suspicious local tsdk path in a repository should trigger review, especially if it points to a folder that includes tsserverlibrary.js.
The VS Code Workspace Trust documentation recommends leaving a folder in Restricted Mode when in doubt. That guidance applies strongly here because the vulnerable behavior connects directly to project trust decisions.
Bottom line
The Angular Language Service flaws show how developer tools can become attack paths when they trust project-controlled input too much. The vulnerabilities affect versions before 21.2.4 and can lead to remote code execution through malicious comments or workspace configuration.
Developers should update the extension immediately, avoid trusting unknown repositories too quickly, and review workspace settings before opening third-party Angular projects in a fully trusted VS Code session.
For teams, this is also a reminder to treat editor extensions as part of the software supply chain. They handle source code, run inside trusted workflows, and can become high-impact security risks when vulnerable.
FAQ
What is GHSA-ccq4-xmxr-8hcq?
GHSA-ccq4-xmxr-8hcq is the GitHub security advisory for multiple remote code execution vulnerabilities in the Angular Language Service VS Code extension. The issues affect Angular.ng-template versions before 21.2.4.
Which versions are affected?
All Angular.ng-template versions before 21.2.4 are affected. Developers should update the VS Code extension to version 21.2.4 or later.
What are the two attack paths?
One path uses crafted JSDoc hover content with command links. Another path abuses workspace TypeScript SDK settings to load a malicious tsserverlibrary.js file when a project opens.
Does the tsdk path require the developer to click anything?
No. The advisory says the tsdk pathway can execute silently during workspace startup if the developer opens a malicious project with a crafted .vscode/settings.json file and local tsserverlibrary.js.
What should developers do now?
Developers should update Angular.ng-template to 21.2.4 or later, restart VS Code, open unknown repositories in Restricted Mode, and review .vscode/settings.json files for suspicious TypeScript SDK overrides.