EUVD-2026-10049

GitHub Copilot CLI Dangerous Shell Expansion Patterns Enable Arbitrary Code Execution...

GitHub Copilot CLI Dangerous Shell Expansion Patterns Enable Arbitrary Code Execution

Summary A security vulnerability has been identified in GitHub Copilot CLI's shell tool that could allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent e.g., via prompt injection through repository files...

GHSA-G8R9-G2V8-JV6F GitHub Copilot CLI Dangerous Shell Expansion Patterns Enable Arbitrary Code Execution

Summary A security vulnerability has been identified in GitHub Copilot CLI's shell tool that could allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent e.g., via prompt injection through repository files...

CVE-2026-29783 GitHub Copilot CLI allows for dangerous shell expansion patterns that enable arbitrary command execution

The shell tool within GitHub Copilot CLI versions prior to and including 0.0.422 can allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent e.g., via prompt injection through repository files, MCP server...

CVE-2026-29783 GitHub Copilot CLI allows for dangerous shell expansion patterns that enable arbitrary command execution

The shell tool within GitHub Copilot CLI versions prior to and including 0.0.422 can allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent e.g., via prompt injection through repository files, MCP server...

CVE-2026-29783

The shell tool within GitHub Copilot CLI versions prior to and including 0.0.422 can allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent e.g., via prompt injection through repository files, MCP server...

CVE-2026-29783 GitHub Copilot CLI allows for dangerous shell expansion patterns that enable arbitrary command execution

The shell tool within GitHub Copilot CLI versions prior to and including 0.0.422 can allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent e.g., via prompt injection through repository files, MCP server...

CVE-2026-29783

The CVE concerns GitHub Copilot CLI shell tool pre-0.0.423. Affected: Copilot CLI versions up to and including 0.0.422. Issue: the shell safety assessment misclassifies certain bash parameter expansion patterns as read-only, allowing arbitrary code execution when an attacker can influence the com...

Malicious Package

Overview @copilot-web-widgets/common-core-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...

RHEL 9 : grafana-pcp (RHSA-2026:3820)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3820 advisory. The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and...

GitHub Copilot CLI 操作系统命令注入漏洞

GitHub Copilot CLI is a terminal AI programming assistant open sourced by GitHub. Versions of GitHub Copilot CLI 0.0.422 and earlier had an operating system command injection vulnerability. This vulnerability stemmed from defects in shell security assessments, which could lead to arbitrary code...

RHEL 9 : grafana-pcp (RHSA-2026:3822)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3822 advisory. The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and...

PT-2026-23732

Name of the Vulnerable Software and Affected Versions GitHub Copilot CLI versions prior to 0.0.423 Description The shell tool within GitHub Copilot CLI is susceptible to arbitrary code execution through crafted bash parameter expansion patterns. An attacker influencing commands executed by the...

NewStart CGSL MAIN 6.06 (SP) : pcp Multiple Vulnerabilities (NS-SA-2026-0015)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has pcp packages installed that are affected by multiple vulnerabilities: - Multiple memory leaks in Performance Co-Pilot PCP before 3.6.5 allow remote attackers to cause a denial of service memory consumption or daemon crash via a larg...

Important: Red Hat Security Advisory: grafana-pcp security update

An update for grafana-pcp is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update ...

Microsoft GitHub Copilot for JetBrains Command Injection Vulnerability

Microsoft GitHub Copilot for JetBrains is an AI programming assistant plugin from Microsoft USA that can be installed in various IDEs produced by JetBrains. A command injection vulnerability exists in Microsoft GitHub Copilot for JetBrains. The vulnerability stems from the application failing to...

RLSA-2026:3040 Important: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption v...

RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN

A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial intelligence AI-driven vulnerability has been codenamed RoguePilot by Orca Security. It has since been patche...

Important: Red Hat Security Advisory: grafana-pcp security update

An update for grafana-pcp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

February 24, 2026—KB5077239 (OS Build 28000.1643) Preview

February 24, 2026—KB5077239 OS Build 28000.1643 Preview ​​​​​This non-security update for Windows 11, version 26H1 KB5077239, includes the latest security fixes and improvements, along with non-security updates from last month’s optional preview release. To learn more about differences between...