CVE-2026-21518
Published: 10 February 2026
Summary
CVE-2026-21518 is a high-severity Command Injection (CWE-77) vulnerability in Microsoft Visual Studio Code. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059); ranked in the top 31.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-21518 is a command injection vulnerability (CWE-77) in GitHub Copilot and Visual Studio Code, published on 2026-02-10. The issue arises from improper neutralization of special elements used in a command, allowing an unauthorized attacker to bypass a security feature over a network. It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to network accessibility, low attack complexity, and significant impacts across confidentiality, integrity, and availability.
The vulnerability can be exploited by an unauthorized attacker with no privileges required, though it necessitates user interaction. Exploitation occurs over the network and enables the attacker to bypass security controls, potentially leading to high-impact outcomes such as unauthorized access, data compromise, modification of system resources, or disruption of services.
Mitigation guidance is available in the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21518.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-7359
Vulnerability details
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network.
- CWE(s)
AI Security AnalysisAI
- AI Category
- Enterprise AI Assistants
- Risk Domain
- Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: github copilot
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Command injection (CWE-77) directly enables arbitrary command execution via interpreters (T1059) on a client system and constitutes exploitation of a client-side vulnerability for code execution (T1203).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mandates information input validation at entry points to prevent command injection from improper neutralization of special elements in inputs.
Requires timely flaw remediation through patching to address this specific command injection vulnerability in GitHub Copilot and Visual Studio Code.
Enforces least privilege to restrict the scope and impact of arbitrary commands executed via the injection vulnerability.