Cyber Resilience

CVE-2026-21518

HighRCE

Published: 10 February 2026

Published
10 February 2026
Modified
23 February 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0136 68.1th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-21518 is a high-severity Command Injection (CWE-77) vulnerability in Microsoft Visual Studio Code. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059); ranked in the top 31.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-21518 is a command injection vulnerability (CWE-77) in GitHub Copilot and Visual Studio Code, published on 2026-02-10. The issue arises from improper neutralization of special elements used in a command, allowing an unauthorized attacker to bypass a security feature over a network. It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to network accessibility, low attack complexity, and significant impacts across confidentiality, integrity, and availability.

The vulnerability can be exploited by an unauthorized attacker with no privileges required, though it necessitates user interaction. Exploitation occurs over the network and enables the attacker to bypass security controls, potentially leading to high-impact outcomes such as unauthorized access, data compromise, modification of system resources, or disruption of services.

Mitigation guidance is available in the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21518.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network.

CWE(s)

AI Security AnalysisAI

AI Category
Enterprise AI Assistants
Risk Domain
Supply Chain and Deployment
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: github copilot

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Command injection (CWE-77) directly enables arbitrary command execution via interpreters (T1059) on a client system and constitutes exploitation of a client-side vulnerability for code execution (T1203).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-21523Same product: Microsoft Visual Studio Code
CVE-2026-41611Same product: Microsoft Visual Studio Code
CVE-2026-41109Same product: Microsoft Visual Studio Code
CVE-2026-33111Same vendor: Microsoft
CVE-2026-21516Same vendor: Microsoft
CVE-2025-62222Same vendor: Microsoft
CVE-2025-24042Same product: Microsoft Visual Studio Code
CVE-2026-21256Same vendor: Microsoft
CVE-2025-24039Same product: Microsoft Visual Studio Code
CVE-2025-26631Same product: Microsoft Visual Studio Code

Affected Assets

microsoft
visual studio code
≤ 1.109.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates information input validation at entry points to prevent command injection from improper neutralization of special elements in inputs.

prevent

Requires timely flaw remediation through patching to address this specific command injection vulnerability in GitHub Copilot and Visual Studio Code.

prevent

Enforces least privilege to restrict the scope and impact of arbitrary commands executed via the injection vulnerability.

References