{"data":{"id":"d57cfe9a-2217-42c5-bca0-536d0737d86c","title":"CVE-2026-45482: Improper limitation of a pathname to a restricted directory ('path traversal') in GitHub Copilot and Visual Studio Code ","summary":"CVE-2026-45482 is a path traversal vulnerability (a flaw where an attacker can access files outside the intended directory by manipulating file paths) in GitHub Copilot and Visual Studio Code that allows an unauthorized attacker to bypass a local security feature. The vulnerability has a CVSS 4.0 severity score (a 0-10 rating of how severe a vulnerability is, where higher numbers mean more serious). Details are still being assessed by NIST, and Microsoft has published information about this issue.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-45482","publishedAt":"2026-06-09T17:17:22.587Z","cveId":"CVE-2026-45482","cweIds":["CWE-22"],"cvssScore":"8.4","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["GitHub Copilot","Visual Studio Code","Microsoft"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"local","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-09T17:17:22.587Z","capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}