HarborGuard / CVE
Back to search
HIGHCVE-2026-21256Published Modified CNA microsoft

CVE-2026-21256: GitHub Copilot and Visual Studio Remote Code Execution Vulnerability

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.

Metrics

CVSS v3.1
8.8
Severity
HIGH
Fixed in
17.14.26
Affected Products
2

Fix available

17.14.2618.3.0
Patch commits
Affected packages
  • Microsoft / Microsoft Visual Studio 2022 version 17.14
    < 17.14.26 (from 17.14.0)
  • Microsoft / Microsoft Visual Studio 2026 version 18.3
    < 18.3.0 (from 18.3.0)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
References
CVE-2026-21256: GitHub Copilot and Visual Studio Remote Code Execution Vulnerability | HarborGuard CVE