8731 matches found
Security Update for Microsoft Visual Studio Code (February 2026)
The version of Microsoft Visual Studio Code installed on the remote Windows host is prior to 1.109.2. It is, therefore, affected by multiple vulnerabilities: - Time-of-check time-of-use toctou race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a...
CVE-2026-21518
Improper neutralization of special elements used in a command 'command injection' in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network...
CVE-2026-21257
Improper neutralization of special elements used in a command 'command injection' in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network...
CVE-2026-21256
Improper neutralization of special elements used in a command 'command injection' in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Visual Studio and .NET components. A malicious party could exploit the vulnerabilities to bypass security measures, grant themselves elevated privileges and potentially execute arbitrary code with the victim's privileges. For successful abuse, the...
CVE-2026-21523
Time-of-check time-of-use toctou race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network...
CVE-2026-21518
Improper neutralization of special elements used in a command 'command injection' in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network...
CVE-2026-21518
Improper neutralization of special elements used in a command 'command injection' in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network...
CVE-2026-21523
Time-of-check time-of-use toctou race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network...
CVE-2026-21256
Improper neutralization of special elements used in a command 'command injection' in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network...
CVE-2026-21257
Improper neutralization of special elements used in a command 'command injection' in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network...
CVE-2026-21256
Improper neutralization of special elements used in a command 'command injection' in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network...
CVE-2026-21257
Improper neutralization of special elements used in a command 'command injection' in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network...
CVE-2026-21256 GitHub Copilot and Visual Studio Remote Code Execution Vulnerability
...
CVE-2026-21256
Improper neutralization of special elements used in a command 'command injection' in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network...
CVE-2026-21256 GitHub Copilot and Visual Studio Remote Code Execution Vulnerability
...
CVE-2026-21256
CVE-2026-21256 affects GitHub Copilot and Visual Studio. It is a command injection vulnerability described as improper neutralization of special elements in a command, enabling code execution over a network. CVSS 3.1 base score 8.8 (HIGH) with NETWORK attack vector, no privileges, user interactio...
CVE-2026-21257
Improper neutralization of special elements used in a command 'command injection' in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network...
CVE-2026-21257 GitHub Copilot and Visual Studio Elevation of Privilege Vulnerability
...
CVE-2026-21257 GitHub Copilot and Visual Studio Elevation of Privilege Vulnerability
...