CVE-2026-41109: Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized…

high8.8CVSS 3.1

AVNACLPRNUIRSUCHIHAH

Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network.

Affected

2 ranges

Vendor	Product	Version range	Fixed in
microsoft	visual_studio_code	< 1.119.1	1.119.1
microsoft	visual_studio_code	>= 1.0.0 < 1.119.1	1.119.1