CVE-2026-21523
published 2026-02-10
high, 8 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_visual_studio_code_copilot_chat_extension | >= 0.27.0 < 0.37.1 | 0.37.1 |
| microsoft | visual_studio_code | < 1.109.2 | 1.109.2 |
| microsoft | visual_studio_code | >= 1.0.0 < 1.110.1 | 1.110.1 |
| msrc | microsoft_visual_studio_code_copilot_chat_extension | — | — |
| msrc | visual_studio_code | — | — |