Описание
GitHub Copilot and Visual Studio Remote Code Execution Vulnerability
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.
FAQ
How could an attacker exploit this vulnerability?
The AV:N rating indicates the vulnerability is exploitable over the network, meaning an attacker can deliver a malicious prompt remotely without prior access, while UI:R means a user must interact with Copilot for exploitation to occur. Due to prompt injection, the system is coerced into executing attacker-controlled instructions, which can escalate into remote code execution (RCE) when the compromised prompt causes backend components or integrated tools to run unintended commands.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Visual Studio 2022 version 17.14 | ||
| Microsoft Visual Studio 2026 version 18.3 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
8.8 High
CVSS3
Связанные уязвимости
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.
Уязвимость средства разработки программного обеспечения Microsoft Visual Studio, связанная с онедостаточным управлением генерации кода, позволяющая нарушителю выполнить произвольный код
EPSS
8.8 High
CVSS3