CVE-2026-45482: Microsoft Visual Studio Code CoPilot Chat Security Feature Bypass Vulnerability

Synopsis

A path traversal vulnerability in the GitHub Copilot Chat extension for Visual Studio Code allows a local attacker to bypass security restrictions without any credentials. The attack is launched locally on the host and requires no user interaction or privileges, derived from the CVSS vector (AV:L, PR:N, UI:N). Successful exploitation grants the attacker full read access, write access, and the ability to disrupt the affected service on the compromised host. A patched-image rebuild at version 1.123.2 is available on HarborGuard for environments running an affected version of the extension.

HarborGuard Coverage

Exploit Conditions

• Network reachabilityNot required

  The attacker needs an existing shell or process on the host; no network-facing exposure is required.

• AuthenticationNot required

  No credentials or account are required to launch the attack.

• Victim interactionNot required

  No user action or social engineering is needed; the attacker can exploit the flaw without any victim participation.

• Attack complexityDetail

  Attack complexity is low, meaning the exploit is reliable and imposes no special conditions, race requirements, or environmental dependencies on the attacker.

Blast Radius

• A successful attacker reads files outside the intended restricted directory, including configuration files, stored tokens, or extension data on the host.
• The attacker writes or overwrites files in arbitrary paths on the host filesystem, enabling persistent modification of application or system files.
• The attacker disrupts the Copilot Chat extension or dependent processes, causing service failure on the affected workstation.
• Because all three CVSS impact dimensions are HIGH, the attacker gains effective full-impact control over the confidentiality, integrity, and availability of resources accessible to the extension process.