CVE-2026-21523 — Vulnetix

CVE-2026-21523 PUBLISHED CVSS 8.800000190734863 HIGH

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.

EPSS 0.03% · 10.7th percentile

Risk Scores

CVSS v3.1

8.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

EPSS Score

0.03%

10.7th percentile

Affected Products

Vendor	Product	Versions
microsoft	visual_studio_2022	17.14.0
microsoft	visual_studio_2026	18.3.0
Microsoft	Microsoft Visual Studio 2022 version 17.14	17.14.0
Microsoft	Microsoft Visual Studio 2026 version 18.3	18.3.0

Timeline

Feb 10, 2026 CVE Published
Feb 10, 2026 PoC Published
Feb 10, 2026 PoC Published
Feb 10, 2026 PoC Published
Feb 11, 2026 EPSS Score
Feb 11, 2026 PoC Published
Feb 11, 2026 PoC Published
Feb 13, 2026 EPSS Score
Feb 13, 2026 PoC Published
Feb 13, 2026 PoC Published
Feb 13, 2026 PoC Published
Feb 15, 2026 EPSS Score

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23655 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21537 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21516 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21229 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21257 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21511 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21523 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21256 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21527 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21260 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21518 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21522 advisory

Open in Interactive Console →