CVE-2025-66389
- EPSS 0.85%
- Veröffentlicht 22.06.2026 00:00:00
- Zuletzt bearbeitet 30.06.2026 00:05:38
GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder (without user approval) via a file-handler URI parameter to fetch_webpage. Therefore, exfiltration could occur if there is indirect prompt injection.
CVE-2026-50519
- EPSS 0.51%
- Veröffentlicht 19.06.2026 20:28:35
- Zuletzt bearbeitet 29.06.2026 15:13:21
Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network.
CVE-2026-41109
- EPSS 0.86%
- Veröffentlicht 12.05.2026 16:58:55
- Zuletzt bearbeitet 15.05.2026 15:27:35
Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21518
- EPSS 1.36%
- Veröffentlicht 10.02.2026 18:16:34
- Zuletzt bearbeitet 23.02.2026 17:23:27
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network.
- EPSS 0.79%
- Veröffentlicht 10.02.2026 18:16:34
- Zuletzt bearbeitet 11.02.2026 21:41:36
Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.
CVE-2026-21516
- EPSS 0.81%
- Veröffentlicht 10.02.2026 18:16:33
- Zuletzt bearbeitet 11.02.2026 21:40:45
Improper neutralization of special elements used in a command ('command injection') in Github Copilot allows an unauthorized attacker to execute code over a network.
CVE-2025-64671
- EPSS 0.33%
- Veröffentlicht 09.12.2025 17:56:06
- Zuletzt bearbeitet 12.12.2025 13:57:32
Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to execute code locally.