# CVE-2021-26700

To make this exploit succeed, following steps are required:
1. Download the npm extension file though this [api](, storing it at some local path $EXTENSION_PATH.
2. Change the extension file's name to "npm-extension.vsix".
2. Install the extension though the command `code --force --install-extension $EXTENSION_PATH/npm-extension.vsix`. Note that the extension might be auto updated anytime, so make sure that the npm extension vesion is v0.3.13 before you start exploiting (If not, just run the command again).