VDB
CVE-2026-23653
CVE-2026-23653
PUBLISHED
CVSS 5.699999809265137 MEDIUM
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network.
EPSS 0.10% · 27.2th percentile
Risk Scores
CVSS 3.1
5.699999809265137
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
EPSS Score
0.10%
27.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Microsoft Visual Studio Code CoPilot Chat Extension | 0.27.0 |
| microsoft | visual_studio_code_copilot_chat_extension | 0.27.0 |
Exploit Intelligence
- https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1 (msrc)
- CIRCL seen: CVE-2026-23653 (circl-sighting)
- CIRCL seen: CVE-2026-23653 (circl-sighting)
- GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability (circl)
Timeline
- Apr 14, 2026 CVE Published
- Apr 14, 2026 PoC Published
- Apr 14, 2026 PoC Published
- Apr 15, 2026 Security Advisory
- Apr 15, 2026 Security Advisory
- Apr 16, 2026 Security Advisory
- Apr 16, 2026 Security Advisory
- Apr 16, 2026 Security Advisory
- Apr 16, 2026 Security Advisory
- Apr 16, 2026 Security Advisory
- Apr 16, 2026 Security Advisory
- Apr 16, 2026 Security Advisory
References
- GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-23653 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35611 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26143 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34757 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33103 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32178 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32176 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32167 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32631 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32203 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32184 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20945 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21637 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33810 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40385 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40386 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33120 advisory
…and 1 more