CVE-2026-21518
Published: 10 February 2026
Summary
CVE-2026-21518 is a high-severity Command Injection (CWE-77) vulnerability in Microsoft Visual Studio Code. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059); ranked at the 21.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Enterprise AI Assistants.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mandates information input validation at entry points to prevent command injection from improper neutralization of special elements in inputs.
Requires timely flaw remediation through patching to address this specific command injection vulnerability in GitHub Copilot and Visual Studio Code.
Enforces least privilege to restrict the scope and impact of arbitrary commands executed via the injection vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Command injection (CWE-77) directly enables arbitrary command execution via interpreters (T1059) on a client system and constitutes exploitation of a client-side vulnerability for code execution (T1203).
NVD Description
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network.
Deeper analysisAI
CVE-2026-21518 is a command injection vulnerability (CWE-77) in GitHub Copilot and Visual Studio Code, published on 2026-02-10. The issue arises from improper neutralization of special elements used in a command, allowing an unauthorized attacker to bypass a security feature over a network. It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to network accessibility, low attack complexity, and significant impacts across confidentiality, integrity, and availability.
The vulnerability can be exploited by an unauthorized attacker with no privileges required, though it necessitates user interaction. Exploitation occurs over the network and enables the attacker to bypass security controls, potentially leading to high-impact outcomes such as unauthorized access, data compromise, modification of system resources, or disruption of services.
Mitigation guidance is available in the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21518.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- Enterprise AI Assistants
- Risk Domain
- N/A
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: copilot