CVE-2026-45033: GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.43, a security vulne
Summary
GitHub Copilot CLI (an AI tool that helps developers write code from the command line) has a security vulnerability in versions before 1.0.43 where a malicious bare git repository (a special type of git storage folder with no working files) hidden in a project can trick the tool into running harmful commands. An attacker can exploit git's automatic discovery of these repositories and use configuration keys like core.fsmonitor (settings that tell git what commands to run during normal operations) to execute arbitrary code without the user knowing.
Solution / Mitigation
Update GitHub Copilot CLI to version 1.0.43 or later, where this vulnerability is fixed.
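A defensive check for the condition described in the summary, as an added example that is not from the advisory or from GitHub: it walks a project tree, reports directories laid out like a bare git repository, and lists any command-executing config keys they set. Only core.fsmonitor comes from the advisory; the other keys and all function names are assumptions of this example.

```python
import os
import re

# core.fsmonitor is the key named in the advisory; the rest are an added,
# illustrative selection of git config keys whose values git can execute.
RISKY_KEYS = {"core.fsmonitor", "core.sshcommand", "core.pager",
              "core.editor", "core.hookspath"}
SECTION_RE = re.compile(r'^\s*\[\s*([A-Za-z0-9.-]+)(?:\s+"[^"]*")?\s*\]')
KEY_RE = re.compile(r'^\s*([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.*?)\s*$')

def looks_like_bare_repo(path):
    """Rough shape of a git directory: a HEAD file plus objects/ and refs/."""
    return (os.path.isfile(os.path.join(path, "HEAD"))
            and os.path.isdir(os.path.join(path, "objects"))
            and os.path.isdir(os.path.join(path, "refs")))

def risky_settings(config_path):
    """Simplified config reader: ignores includes and line continuations."""
    found, section = [], ""
    try:
        with open(config_path, encoding="utf-8", errors="replace") as fh:
            lines = fh.readlines()
    except OSError:
        return found
    for line in lines:
        if line.lstrip().startswith(("#", ";")):
            continue
        sec, kv = SECTION_RE.match(line), KEY_RE.match(line)
        if sec:
            section = sec.group(1).lower()
        elif kv and f"{section}.{kv.group(1).lower()}" in RISKY_KEYS:
            found.append((f"{section}.{kv.group(1).lower()}", kv.group(2)))
    return found

def find_embedded_bare_repos(root):
    """Return [(relative_dir, [(key, value), ...])] for bare repos under root."""
    hits = []
    for dirpath, dirnames, _ in os.walk(root):
        # Skip ordinary .git directories; only bare layouts are in scope here.
        dirnames[:] = [d for d in dirnames if d != ".git"]
        if looks_like_bare_repo(dirpath):
            config = os.path.join(dirpath, "config")
            hits.append((os.path.relpath(dirpath, root), risky_settings(config)))
            dirnames[:] = []  # nothing to find inside objects/ or refs/
    return hits

if __name__ == "__main__":
    for rel, settings in find_embedded_bare_repos("."):
        print(rel, settings or "no risky keys set")
```

Separately from the 1.0.43 fix, Git 2.38 and later support the `safe.bareRepository=explicit` setting, which stops git from automatically discovering bare repositories.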
Vulnerability Details
EPSS: 0.0%
May 13, 2026
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-45033
First tracked: May 13, 2026 at 08:10 PM