Severity by source

Primary rating from Vendor (microsoft): AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Insecure default exposes a network-reachable resource needing no auth or interaction (AV:N/AC:L/PR:N/UI:N); impact is confidentiality-only disclosure (C:H/I:N/A:N).

CVSS Vector (NVD): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Description (NVD)
Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network.
Analysis (AI)
Information disclosure in GitHub Copilot Chat for Visual Studio Code (versions 1.0.0 up to but not including 1.123.2) lets a remote, unauthenticated attacker read sensitive data over a network because an insecure default configuration exposes a resource that should be protected. The CVSS 3.1 score of 7.5 reflects high confidentiality impact with no integrity or availability effect. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
|---|---|
| Exploitation | Exploitation requires that a victim be running a vulnerable GitHub Copilot Chat extension (1.0.0 through any version below 1.123.2) inside Visual Studio Code, with the affected resource left at its insecure default initialization state, and that the attacker can reach the exposed resource over the network. … |
| Risk Assessment | Signals are mixed and lean toward moderate priority. … |
| Exploit Scenario | An attacker positioned on the same network as a developer running a vulnerable Copilot Chat version sends crafted requests to the insecurely initialized resource exposed by the extension and retrieves confidential data without any authentication or user interaction. Because the CVSS vector is AV:N/AC:L/PR:N/UI:N, the request requires no special privileges, no victim action, and only low attack complexity. … |
| Remediation | Vendor-released patch: GitHub Copilot Chat 1.123.2. Upgrade the extension to 1.123.2 or later, which falls outside the affected '<1.123.2' range; in Visual Studio Code this is done through the Extensions pane or by enabling automatic extension updates so the fix rolls out across endpoints. … |
Recommended Action (AI)
Within 24 hours: identify all developers with GitHub Copilot Chat versions 1.0.0 through 1.123.1 installed. …
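An inventory check for that first step, added here as an example (not code from the page, GitHub or Microsoft): it parses the output of `code --list-extensions --show-versions` (an existing VS Code CLI option that prints one `publisher.name@version` per line) and flags GitHub.copilot-chat installs inside the affected 1.0.0 to below 1.123.2 range. The listing below is constructed sample output, not captured from a real machine.

```python
import subprocess
from typing import List, Tuple

# Affected range stated in the advisory: 1.0.0 <= version < 1.123.2 (fixed in 1.123.2).
AFFECTED_MIN = (1, 0, 0)
FIXED_VERSION = (1, 123, 2)
EXTENSION_ID = "github.copilot-chat"  # VS Code extension identifier, matched case-insensitively


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn 'major.minor.patch' (an optional '-suffix' is ignored) into a comparable tuple."""
    parts = text.split("-", 1)[0].split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts[:3]):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts[:3])


def is_affected(version: str) -> bool:
    """True when the version falls inside the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(version) < FIXED_VERSION


def affected_installs(listing: str) -> List[str]:
    """Return every Copilot Chat version in a `--show-versions` listing that needs upgrading."""
    found = []
    for line in listing.splitlines():
        line = line.strip()
        if "@" not in line:
            continue  # blank line or a warning the CLI printed, not an extension entry
        ident, _, version = line.rpartition("@")
        if ident.lower() != EXTENSION_ID:
            continue
        try:
            if is_affected(version):
                found.append(version)
        except ValueError:
            continue  # leave unparseable versions for a human to look at
    return found


# Constructed sample listing (not real output from a developer machine).
SAMPLE_LISTING = """\
ms-python.python@2024.22.0
GitHub.copilot@1.250.0
GitHub.copilot-chat@1.123.1
"""

if __name__ == "__main__":
    # On a real endpoint, replace the sample with the live CLI output.
    listing = subprocess.run(["code", "--list-extensions", "--show-versions"],
                             capture_output=True, text=True).stdout or SAMPLE_LISTING
    print("upgrade needed for versions:", affected_installs(listing))
```

Run it per developer machine (or feed it listings collected by your endpoint management tool); an empty result means the installed Copilot Chat is already 1.123.2 or later, or not installed.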
External POC / Exploit Code

- EUVD-2026-38089
- GHSA-2gq4-362c-56w9