Primary

Context

GitHub Copilot for JetBrains Remote Code Execution Vulnerability

Vulnerability

A command injection vulnerability has been identified in the GitHub Copilot plugin for JetBrains IDEs. This issue allows unauthorized attackers to execute code remotely over the network. The vulnerability arises from improper neutralization of special elements used in commands, enabling command injection attacks.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Remediation

Users can download the security update for the GitHub Copilot plugin for JetBrains IDEs from the JetBrains Plugin Repository. Instructions are available in the release notes.

Added: Feb 10, 2026, 6:32 PM

Updated: Feb 11, 2026, 1:51 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.2

remediation

0.0

relevance

2.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.2

remediation

0.0

relevance

2.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GitHub Copilot for JetBrains Remote Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating