Microsoft Visual Studio Code Copilot Chat Extension

1 CVEs product

Monthly

CVE-2026-23653 MEDIUM PATCH This Month

Command injection in GitHub Copilot Chat Extension for Visual Studio Code allows authenticated attackers with user interaction to disclose sensitive information over a network. The vulnerability affects Copilot Chat Extension versions before 0.37.3 and requires an authorized user to interact with a crafted prompt or input. Microsoft has released a patched version (0.37.3) to remediate this CWE-77 command injection flaw.

Command Injection Microsoft Visual Studio Code Copilot Chat Extension
NVD VulDB
CVSS 3.1: 5.7
EPSS: 0.1%