Primary

Context

Microsoft GitHub Copilot and Visual Studio Privilege Escalation Vulnerability

Vulnerability

Patched

A command injection vulnerability has been identified in GitHub Copilot and Visual Studio. This issue allows an authorized attacker to elevate privileges over a network. The vulnerability arises from improper neutralization of special elements used in commands, enabling privilege escalation.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing an attacker to gain rights equivalent to the user running the affected application.

Remediation

Users can download the security update for Microsoft Visual Studio 2022 version 18.3 and version 17.14 through the Visual Studio Download Center. For GitHub Copilot, no specific update guidance is available, but users should ensure they are using the latest version.

Added: Feb 10, 2026, 9:29 PM

Updated: Feb 10, 2026, 11:49 PM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

2.5

exploitability

2.8

remediation

7.7

relevance

2.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

2.5

exploitability

2.8

remediation

7.7

relevance

2.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft GitHub Copilot and Visual Studio Privilege Escalation Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Microsoft Visual Studio 2022

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating