CVE-2026-23653: Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio

CVE-2026-23653 is a command injection vulnerability (a flaw where an attacker can insert malicious commands into input that gets executed) in GitHub Copilot and Visual Studio Code that allows an authorized attacker to disclose information over a network. The vulnerability stems from improper neutralization of special elements used in commands. The CVSS severity score (a standard 0-10 rating of how serious a security flaw is) has not yet been assigned by NIST.