CVE-2026-45482 Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability

...

Microsoft Visual Studio Code CoPilot Chat Extension < 0.37.3 Information Disclosure (CVE-2026-23653)

The Microsoft Visual Studio Code CoPilot Chat Extension installed on the remote host is prior to 0.37.3. It is, therefore, affected by an information disclosure vulnerability: - A remote, authenticated attacker can exploit this vulnerability to disclose sensitive information. User interaction is...

Security Update for Microsoft Visual Studio Code CoPilot Chat Extension (November 2025)

The Microsoft Visual Studio Code CoPilot Chat Extension prior to version 0.32.5. It is, therefore, affected by multiple vulnerabilities. - This vulnerability is a command injection flaw in the Visual Studio Code Copilot Chat Extension, where improper handling of special characters in...

CVE-2025-62222

Improper neutralization of special elements used in a command 'command injection' in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network...

CVE-2025-62449

Improper limitation of a pathname to a restricted directory 'path traversal' in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally...

CVE-2025-62449

Improper limitation of a pathname to a restricted directory 'path traversal' in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally...

CVE-2025-62449

Improper limitation of a pathname to a restricted directory 'path traversal' in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally...

CVE-2025-62222

Improper neutralization of special elements used in a command 'command injection' in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network...

CVE-2025-62449 Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability

...

CVE-2025-62449 Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability

...

EUVD-2025-93394

Improper limitation of a pathname to a restricted directory 'path traversal' in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally...

EUVD-2025-93395

Improper neutralization of special elements used in a command 'command injection' in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network...

CVE-2025-62449

The CVE-2025-62449 issue is a path traversal vulnerability in the Visual Studio Code CoPilot Chat Extension (prior to version 0.32.5). A local, low-privilege, authorized attacker can bypass a security feature and access files outside the intended workspace, with high impact to confidentiality and...

Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability

Improper limitation of a pathname to a restricted directory 'path traversal' in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally...

Agentic AI and Visual Studio Code Remote Code Execution Vulnerability

Improper neutralization of special elements used in a command 'command injection' in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network...

Microsoft Visual Studio Code 命令注入漏洞

Microsoft Visual Studio Code is an open source code editor from Microsoft Corporation USA. A command injection vulnerability exists in Microsoft Visual Studio Code CoPilot Chat Extension. An attacker can execute code by exploiting this vulnerability...

PT-2025-46514

Name of the Vulnerable Software and Affected Versions Visual Studio Code CoPilot Chat Extension affected versions not specified Description The Visual Studio Code CoPilot Chat Extension contains a flaw related to improper neutralization of special elements used in commands, potentially leading to...

PT-2025-46515

Name of the Vulnerable Software and Affected Versions Visual Studio Code CoPilot Chat Extension affected versions not specified Description An issue exists in Visual Studio Code CoPilot Chat Extension related to improper limitation of a pathname to a restricted directory, also known as a 'path...

Microsoft Visual Studio Code 路径遍历漏洞

Microsoft Visual Studio Code is an open source code editor from Microsoft Corporation USA. A path traversal vulnerability exists in Microsoft Visual Studio Code CoPilot Chat Extension. An attacker exploiting this vulnerability could bypass certain functionality...