CVE-2026-45482: Improper limitation of a pathname to a restricted directory ('path traversal') in GitHub Copilot and Visual Studio Code
Summary
CVE-2026-45482 is a path traversal vulnerability (a flaw where an attacker can access files outside the intended directory by manipulating file paths) in GitHub Copilot and Visual Studio Code that allows an unauthorized attacker to bypass a local security feature. The vulnerability has a CVSS 4.0 severity score (a 0-10 rating of how severe a vulnerability is, where higher numbers mean more serious). Details are still being assessed by NIST, and Microsoft has published information about this issue.
Vulnerability Details
CVSS score: 8.4 (high)
EPSS: 0.0%
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: local
Attack complexity: low
Privileges required: none
User interaction: none
June 9, 2026
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-45482
First tracked: June 10, 2026 at 02:09 AM
Classified by LLM (prompt v3) · confidence: 85%