{"data":{"id":"886979cb-f779-44a3-9a68-03c0e81abf09","title":"CVE-2026-21518: Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio ","summary":"CVE-2026-21518 is a command injection vulnerability (a flaw where attackers can insert malicious commands into user input) in GitHub Copilot and Visual Studio Code that allows an unauthorized attacker to bypass security features over a network. The vulnerability stems from improper handling of special characters in commands. No CVSS severity score (a 0-10 rating of how serious a vulnerability is) has been assigned yet by NIST.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-21518","publishedAt":"2026-02-10T18:16:34.263Z","cveId":"CVE-2026-21518","cweIds":["CWE-77"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["GitHub Copilot","Visual Studio Code","Microsoft"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00031,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}