Type: Bug
VS Code extensions are currently able to install and register Model Context Protocol (MCP) servers that are not defined in an organization’s private MCP registry.
From an enterprise governance and security perspective, this behavior is problematic. When a private MCP registry is configured, VS Code should enforce it as an allowlist, preventing extensions from installing, registering, or invoking any MCP servers that are not explicitly declared in that registry.
As it stands:
- Extensions can introduce MCP servers outside of the approved registry.
- Administrators have no reliable way to prevent or audit this behavior using existing controls.
This undermines efforts by organizations to strictly control which MCP servers are permitted in regulated or locked-down environments.
Impact
This affects any organization attempting to:
- Enforce supply chain and AI tool governance
- Meet regulatory or compliance requirements
- Maintain a strict allowlist of sanctioned MCP servers
Without stronger enforcement, extensions can unintentionally or intentionally bypass organizational policy, creating both security and compliance gaps.
VS Code version: Code 1.119.0 (Universal) (8b640eef5a6c6089c029249d48efa5c99adf7d51, 2026-05-05T11:23:50-07:00)
OS version: Darwin arm64 25.4.0
Modes: