Skip to main content

GitHub Copilot CVE-2026-45482

| EUVDEUVD-2026-35547 HIGH
Path Traversal (CWE-22)
2026-06-09 secure@microsoft.com GHSA-f78m-9xhc-p52v
8.4
CVSS 3.1 · Vendor: microsoft
Temporal: 7.3
Share

Severity by source

Vendor (microsoft) PRIMARY
8.4 HIGH
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ENISA EUVD
HIGH
qualitative
CIRCL (temporal)
7.3 HIGH
cvss

Primary rating from Vendor (microsoft).

CVSS VectorVendor: microsoft

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jun 09, 2026 - 18:21 vuln.today
CVE Published
Jun 09, 2026 - 17:17 nvd
HIGH 8.4

DescriptionCVE.org

Improper limitation of a pathname to a restricted directory ('path traversal') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

AnalysisAI

Security feature bypass via path traversal in GitHub Copilot and Visual Studio Code allows a local unauthorized attacker to escape a restricted directory and reach files or resources that should be inaccessible. The flaw is tracked under CWE-22 with a CVSS 3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N) reflecting high confidentiality, integrity, and availability impact from local exploitation. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Technical ContextAI

The vulnerability sits in the GitHub Copilot extension and the Visual Studio Code editor, both Microsoft developer tooling that processes workspace files, configuration, and AI prompt context on the local user's machine. CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) indicates that input used to construct a filesystem path is not sufficiently normalized or canonicalized, so sequences such as '../' or absolute paths can break out of an intended sandbox or workspace root. In a Copilot/VS Code context this typically manifests in features that resolve file references from prompts, project metadata, settings, or extension messages, where the path-handling routine trusts attacker-influenced input to remain inside an allowlisted directory. CPE data was not included in the supplied intelligence, so exact build identifiers must be retrieved from the Microsoft Security Response Center advisory.

RemediationAI

Apply the Microsoft-supplied update for Visual Studio Code and the GitHub Copilot extension as published in the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45482; exact fixed version numbers were not included in the supplied data, so cite the build IDs listed in that advisory when planning rollout. Patch available per vendor advisory. As compensating controls until updates are deployed, restrict developers from opening untrusted workspaces by enabling VS Code Workspace Trust in restricted mode (which disables many extension capabilities and may reduce Copilot functionality), disable or unload the GitHub Copilot extension on machines that handle sensitive secrets (trade-off: loss of AI assistance), and avoid cloning or opening repositories from unvetted sources since local-vector exploitation typically requires attacker-influenced project content. Endpoint monitoring for unexpected file reads outside workspace roots by Code.exe / code processes can serve as a detection backstop.

CVE-2022-41034 HIGH POC
7.8 Oct 11

Visual Studio Code Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authent

CVE-2022-30129 HIGH POC
8.8 May 10

Visual Studio Code Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely e

CVE-2026-47281 CRITICAL
9.6 Jun 09

Privilege escalation in Microsoft Visual Studio Code allows remote unauthenticated attackers to elevate privileges over

CVE-2026-57102 HIGH
8.8 Jul 14

Security-feature bypass in Microsoft Visual Studio Code lets a remote attacker deliver functionality from an untrusted c

CVE-2026-41109 HIGH
8.8 May 12

Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and

CVE-2024-43488 CRITICAL
9.8 Oct 08

Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attac

CVE-2026-50520 HIGH
8.4 Jul 14

Local code execution in Microsoft Visual Studio Code stems from a command injection flaw (CWE-77) that lets an attacker

CVE-2026-40376 HIGH
8.1 Jun 09

Privilege escalation in Microsoft Visual Studio Code versions 1.0.0 through 1.119.0 allows remote unauthenticated attack

CVE-2026-47292 HIGH
7.8 Jun 09

Local privilege elevation in Microsoft Visual Studio Code allows an unprivileged attacker to gain higher privileges on a

CVE-2026-41611 HIGH
7.8 May 12

Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthoriz

CVE-2026-21518 HIGH
8.8 Feb 10

GitHub Copilot and Visual Studio Code are vulnerable to command injection attacks that allow unauthenticated attackers t

CVE-2024-26165 HIGH
8.8 Mar 12

Visual Studio Code Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely

Share

CVE-2026-45482 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy