Microsoft Microsoft Visual Studio Code Copilot Chat Extension

6 CVEs affecting Microsoft Microsoft Visual Studio Code Copilot Chat Extension. Latest disclosed: 2026-04-14. Critical: 0, High: 4.

Top CVEs affecting Microsoft Microsoft Visual Studio Code Copilot Chat Extension
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2026-21518 | High | 8.8 | 2026-02-10 | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to… |
| CVE-2025-62222 | High | 8.8 | 2025-11-11 | Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacke… |
| CVE-2026-21523 | High | 8.0 | 2026-02-10 | Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network. |
| CVE-2025-21264 | High | 7.1 | 2025-05-13 | Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. |
| CVE-2025-62449 | Medium | 6.8 | 2025-11-11 | Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to by… |
| CVE-2026-23653 | Medium | 5.7 | 2026-04-14 | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to d… |