{"data":{"id":"78c71a14-b6c5-433a-a75f-dfbd16efc4c7","title":"CVE-2026-21523: Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to e","summary":"CVE-2026-21523 is a time-of-check time-of-use (TOCTOU) race condition (a vulnerability where an attacker exploits the gap between when a system checks permissions and when it uses a resource) in GitHub Copilot and Visual Studio that allows an authorized attacker to execute code over a network. The vulnerability has not yet received a CVSS severity rating from NIST.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-21523","publishedAt":"2026-02-10T18:16:34.743Z","cveId":"CVE-2026-21523","cweIds":["CWE-367"],"cvssScore":"8","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["GitHub Copilot","Visual Studio","Microsoft"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00026,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-27"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}