Primary

Context

Microsoft GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability

Vulnerability

Patched

A command injection vulnerability has been identified in GitHub Copilot and Visual Studio Code. This issue allows an unauthorized attacker to bypass a security feature, potentially including authentication, over the network. The vulnerability arises from improper neutralization of special elements used in commands, enabling exploitation that could lead to unauthorized actions or impersonation.

Impact

Exploitation of this vulnerability can bypass security features, such as authentication, allowing for unauthorized access or actions within the application.

Remediation

Users can download the security update for Visual Studio Code from the Visual Studio Code download page. For GitHub Copilot, refer to the GitHub Copilot documentation or support channels for guidance on updating or addressing this vulnerability.

Added: Feb 10, 2026, 6:31 PM

Updated: Feb 11, 2026, 1:49 AM

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

5.0

exploitability

2.8

remediation

7.7

relevance

2.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

5.0

exploitability

2.8

remediation

7.7

relevance

2.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Microsoft Visual Studio Code

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating