Microsoft Visual Studio Code and GitHub Copilot Path Traversal Vulnerability Allowing Security Feature Bypass

Vulnerability

A path traversal vulnerability has been identified in GitHub Copilot and Visual Studio Code. The applications improperly limit a pathname to a restricted directory, which allows an unauthorized attacker to bypass a security feature locally. The vulnerability affects several versions and version ranges of Visual Studio Code, as well as the GitHub Copilot Chat Extension.

Impact

Exploitation of this vulnerability can lead to a security feature bypass, allowing for unauthorized actions or access that should be restricted.

Remediation

Users can download the security update for the Microsoft Visual Studio Code Copilot Chat Extension from the Visual Studio Code website. For detailed release notes, visit the Visual Studio Code update page.

Added: Jun 9, 2026, 6:45 PM
Updated: Jun 9, 2026, 6:45 PM

Vulnerability Rating

Custom Algorithm
spread: 6.6
impact: 5.0
exploitability: 3.3
remediation: 7.7
relevance: 9.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.