Microsoft GitHub Copilot and Visual Studio Code Time-of-Check Time-of-Use Race Condition Remote Code Execution Vulnerability

Vulnerability

A time-of-check time-of-use (TOCTOU) race condition has been identified in GitHub Copilot and Visual Studio Code. This vulnerability allows an authorized attacker to execute code remotely. The issue arises from prompt injection, where the system is manipulated into carrying out instructions controlled by the attacker. This can lead to remote code execution by causing backend components or integrated tools to execute unintended commands.

Impact

Exploitation of this vulnerability could result in unauthorized remote code execution on the affected system.

Remediation

Users can download the security update for Visual Studio Code from the Visual Studio Code website. For GitHub Copilot, no specific update instructions are provided, but users should ensure they are using the latest version.

Added: Feb 10, 2026, 9:25 PM
Updated: Feb 11, 2026, 1:47 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 4.4
remediation: 0.0
relevance: 2.9
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.