Microsoft GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability

Vulnerability

A vulnerability allowing authorized attackers to bypass security features over the network has been identified in GitHub Copilot and Visual Studio Code. The issue arises from improper access control, which allows the sensitive file protections in Visual Studio Code to be bypassed.

Impact

Exploitation of this vulnerability could lead to unauthorized bypassing of sensitive file protections in Visual Studio Code, allowing access to files that should be protected.

Remediation

Users can download the security update for Visual Studio Code from the Visual Studio Code download page. Instructions for applying the update are available in the release notes for version 1.106.2.
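
An added example, not part of the advisory or of Microsoft's tooling: a POSIX shell check that classifies a reported Visual Studio Code version against 1.106.2. It assumes 1.106.2 is the first release carrying the fix and that the first line printed by code --version is the version string; the function names and sample versions are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): compare VS Code versions against
# the release named in the Remediation text.
FIXED_VERSION="1.106.2"   # assumption: first release carrying the fix

# version_lt A B: succeeds when dotted version A is strictly older than B.
# Components are compared numerically, so 1.99.9 sorts before 1.106.2.
version_lt() {
    for i in 1 2 3; do
        x=$(printf '%s' "$1" | cut -d. -f"$i")
        y=$(printf '%s' "$2" | cut -d. -f"$i")
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1    # versions are equal
}

# classify VERSION: prints "outdated", "ok" or "unknown".
classify() {
    v=${1%%-*}                       # drop a suffix such as "-insider"
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;   # malformed
        *.*.*) ;;                                            # major.minor.patch
        *) echo unknown; return 0 ;;
    esac
    if version_lt "$v" "$FIXED_VERSION"; then echo outdated; else echo ok; fi
}

# Constructed sample versions, shaped like the first line of `code --version`.
for sample in 1.99.9 1.106.1 1.106.2 1.107.0-insider not-a-version; do
    printf '%-16s %s\n' "$sample" "$(classify "$sample")"
done

# Check the local install when the `code` CLI is on PATH.
if command -v code >/dev/null 2>&1; then
    installed=$(code --version 2>/dev/null | head -n 1)
    printf 'local install: %s -> %s\n' "${installed:-none reported}" "$(classify "$installed")"
fi
```

A result of "unknown" means the version string could not be parsed and the install should be checked by hand.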

Added: Nov 20, 2025, 11:17 PM
Updated: Nov 20, 2025, 11:17 PM

Vulnerability Rating

Custom Algorithm
spread: 6.6
impact: 2.5
exploitability: 3.0
remediation: 7.7
relevance: 1.1
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.