CVE-2026-50510: Improper restriction of names for files and other resources in Github Copilot allows an unauthorized attacker to execute
Summary
CVE-2026-50510 is a vulnerability in GitHub Copilot where improper file naming restrictions allow an unauthorized attacker to execute code on a user's local machine. The vulnerability is classified as CWE-641 (improper restriction of names for files and other resources), and details are being tracked by Microsoft and NIST.
Vulnerability Details
7.8(high)
EPSS: 0.0%
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
local
low
none
required
July 14, 2026
Classification
Taxonomy References
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-50510
First tracked: July 14, 2026 at 08:07 PM
Classified by LLM (prompt v3) · confidence: 85%