CVE-2026-21518
Published 2026-02-10
high 8.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_visual_studio_code_copilot_chat_extension | >= 0.27.0 < 0.37.1 | 0.37.1 |
| microsoft | visual_studio_code | < 1.109.2 | 1.109.2 |
| microsoft | visual_studio_code | >= 1.0.0 < 1.110.1 | 1.110.1 |
| msrc | microsoft_visual_studio_code_copilot_chat_extension | — | — |
| msrc | visual_studio_code | — | — |