Cyber Resilience

CVE-2026-21257

HighRCE

Published: 10 February 2026

Published
10 February 2026
Modified
11 February 2026
KEV Added
Patch
CVSS Score v3.1 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0005 14.9th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-21257 is a high-severity Command Injection (CWE-77) vulnerability in Microsoft Visual Studio 2022. Its CVSS base score is 8.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059); ranked at the 14.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-21257 is an improper neutralization of special elements used in a command (CWE-77), enabling command injection in GitHub Copilot and Visual Studio. This vulnerability allows an authorized attacker to elevate privileges over a network. It was published on 2026-02-10T18:16:27.483 with a CVSS v3.1 score of 8.0 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H), reflecting high severity due to network vector, low complexity, low privilege requirement, user interaction need, and high impacts across confidentiality, integrity, and availability.

Attackers require low privileges (PR:L), such as an authenticated user in the affected environment, and must leverage user interaction (UI:R) to exploit remotely (AV:N). By injecting malicious commands through unneutralized special elements in GitHub Copilot suggestions or Visual Studio command handling, they can achieve privilege escalation, resulting in high-level control over the system (C:H/I:H/A:H) without scope changes (S:U).

The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21257 outlines mitigation steps, including available patches and update guidance for GitHub Copilot and Visual Studio. Practitioners should apply these vendor updates promptly to remediate the command injection flaw.

EU & UK References

Vulnerability details

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network.

CWE(s)

AI Security AnalysisAI

AI Category
Enterprise AI Assistants
Risk Domain
Supply Chain and Deployment
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: github copilot

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

CWE-77 command injection directly enables arbitrary command execution (T1059) and is exploited for privilege escalation (T1068) with network reachability.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-21256Same product: Microsoft Visual Studio 2022
CVE-2025-21405Same product: Microsoft Visual Studio 2022
CVE-2025-24049Same vendor: Microsoft
CVE-2026-21518Same vendor: Microsoft
CVE-2026-21516Same vendor: Microsoft
CVE-2026-21520Same vendor: Microsoft
CVE-2026-33111Same vendor: Microsoft
CVE-2026-42893Same vendor: Microsoft
CVE-2025-53787Same vendor: Microsoft
CVE-2026-26136Same vendor: Microsoft

Affected Assets

microsoft
visual studio 2022
17.14.0 — 17.14.26

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-10 directly addresses command injection by requiring validation and neutralization of special elements in inputs to GitHub Copilot and Visual Studio commands.

prevent

SI-2 mandates timely remediation of flaws like this command injection vulnerability through vendor patches for GitHub Copilot and Visual Studio.

prevent

AC-6 least privilege limits the impact of privilege escalation achieved via command injection by authorized low-privilege attackers.

References