AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2026-41109: Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and

highvulnerabilityLLM-Specific

security

Source: NVD/CVE DatabaseMay 12, 2026CVE-2026-41109

Summary

CVE-2026-41109 is a security flaw in GitHub Copilot and Visual Studio that allows an attacker to bypass a security feature by improperly handling special characters in output, which are then processed by another component (injection, where untrusted data is inserted into code or commands). The vulnerability can be exploited over a network by unauthorized attackers.

Vulnerability Details

CVSS Score

8.8(high)

EPSS (30-day exploit probability)

EPSS: 0.0%

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

network

Attack Complexity

low

Privileges Required

none

User Interaction

required

Disclosure Date

May 12, 2026

Classification

Attack Type

Prompt Injection

Attack SophisticationModerate

Impact (CIA+S)

integrity

AI Component TargetedAPI

Taxonomy References

CWE (Weakness Type)

CWE-74

Affected Vendors

Microsoft

Related Issues

high

CVE-2026-30308: In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe comman

Similar attackNVD/CVE Database

medium

CVE-2026-40087: LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-str

Similar attack

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-41109

First tracked: May 12, 2026 at 08:09 PM

Classified by LLM (prompt v3) · confidence: 92%