Microsoft GitHub Copilot and Visual Studio Remote Code Execution Vulnerability

Vulnerability

A command injection vulnerability has been identified in GitHub Copilot and Visual Studio. This issue allows an unauthorized attacker to execute code remotely. The vulnerability arises from improper neutralization of special elements used in commands, enabling exploitation through crafted prompts that manipulate the application's command execution process.

Impact

Exploitation of this vulnerability could lead to remote code execution on the affected system.

Remediation

Users can download the security update for Microsoft Visual Studio 2022 versions 18.3 and 17.14 through the Visual Studio Download Center. For version 18.3, the build number is 18.3.0, and for version 17.14, it is 17.14.26.
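An added example, not part of the advisory or of any Microsoft tooling: a triage check that compares inventoried Visual Studio versions against the fixed builds named above. The host names and inventory rows are constructed, and each version string is assumed to be the three-part product version reported for the installation.

```python
import re

# First patched build per release line, exactly as stated in the advisory.
FIXED_BUILDS = {(18, 3): (18, 3, 0), (17, 14): (17, 14, 26)}

def parse_version(text):
    """Return (major, minor, patch), or None if text is not a plain x.y.z version."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text)
    return tuple(int(part) for part in m.groups()) if m else None

def classify(version_text):
    """Classify one installed version against the advisory's fixed builds."""
    version = parse_version(version_text)
    if version is None:
        return "unparsed"      # e.g. preview strings; needs manual review
    fixed = FIXED_BUILDS.get(version[:2])
    if fixed is None:
        return "unlisted"      # advisory names no fixed build for this line
    # Tuple comparison is numeric, so 17.14.9 sorts below 17.14.26;
    # comparing the raw strings would get this wrong.
    return "patched" if version >= fixed else "needs-update"

def triage(inventory):
    """Group (host, version) rows by patch status."""
    report = {"patched": [], "needs-update": [], "unlisted": [], "unparsed": []}
    for host, version in inventory:
        report[classify(version)].append((host, version))
    return report

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    ("dev-01", "17.14.25"),
    ("dev-02", "17.14.26"),
    ("dev-03", "18.3.0"),
    ("dev-04", "17.12.4"),
    ("dev-05", "17.14.3 Preview 1.0"),
    ("dev-06", "17.14.9"),
]

if __name__ == "__main__":
    for status, rows in triage(SAMPLE_INVENTORY).items():
        for host, version in rows:
            print(f"{status:13} {host} {version}")
```

Hosts reported as "unlisted" or "unparsed" are not covered by the two fixed builds given here and need to be checked by hand.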

Added: Feb 10, 2026, 9:30 PM
Updated: Feb 10, 2026, 11:50 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 2.5
exploitability: 4.2
remediation: 7.7
relevance: 2.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.