GHSA-g8r9-g2v8-jv6f: GitHub Copilot CLI Dangerous Shell Expansion Patterns Enable Arbitrary Code Execution
Summary
GitHub Copilot CLI had a vulnerability where attackers could execute arbitrary code by hiding dangerous commands inside bash parameter expansion patterns (special syntax for manipulating variables). The safety system that checks whether commands are safe would incorrectly classify these hidden commands as harmless, allowing them to run without user approval.
Solution / Mitigation
The fix adds two layers of defense: (1) The safety assessment now detects dangerous operators like @P, =, :=, and ! within ${...} expansions and reclassifies commands containing them from read-only to write-capable so they require user approval. (2) Commands with dangerous expansion patterns are unconditionally blocked at the execution layer regardless of permission mode. Update to GitHub Copilot CLI version 0.0.423 or later.
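As an added illustration (not Copilot CLI's own code), here is a Python sketch of the two mitigation layers described above: detect the operators the advisory names at the head of each `${...}` expansion, reclassify the command as write-capable, and block it at the execution layer. The function names, result fields and sample commands are assumptions constructed for this example.

```python
import re

# Matches the head of a ${...} expansion: "${", an optional "!" (indirect
# expansion), the parameter name (optionally subscripted), then the first
# operator. Only the operators named in the advisory are captured:
#   @P  prompt expansion, which evaluates embedded \$(...) sequences
#   =   and := assign a default, i.e. they write to the shell environment
#   !   indirect expansion resolves whatever name the value holds
# Everything else (":-", "@Q", "#", "%", "/", ...) is left unflagged.
EXPANSION_HEAD = re.compile(
    r"\$\{(?P<indirect>!?)"
    r"(?P<name>[A-Za-z_][A-Za-z0-9_]*|[0-9]+|[@*#?$!0-])"
    r"(?P<subscript>\[[^\]]*\])?"
    r"(?P<op>@P|:=|=)?"
)


def find_dangerous_expansions(command: str) -> list[str]:
    """Return one reason string per dangerous ${...} head found in command."""
    reasons = []
    for m in EXPANSION_HEAD.finditer(command):
        head = m.group(0)
        if m.group("indirect"):
            reasons.append(f"{head}: indirect expansion (!)")
        elif m.group("op") == "@P":
            reasons.append(f"{head}: prompt expansion (@P)")
        elif m.group("op") in ("=", ":="):
            reasons.append(f"{head}: assigns a default ({m.group('op')})")
    return reasons


def assess(command: str, base_classification: str) -> dict:
    """Layer 1: reclassify to write-capable. Layer 2: block unconditionally."""
    reasons = find_dangerous_expansions(command)
    if reasons:
        return {"classification": "write-capable", "blocked": True, "reasons": reasons}
    return {"classification": base_classification, "blocked": False, "reasons": []}


if __name__ == "__main__":
    # Constructed sample commands: the first is benign, the rest carry
    # the operators the advisory names and must be reclassified and blocked.
    for cmd in ['echo "${HOME}" "${v:-x}"', 'echo "${PS1@P}"',
                'cat "${f:=/tmp/x}"', 'ls "${!ref}"']:
        print(f"{cmd!r:32} -> {assess(cmd, 'read-only')}")
```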
Vulnerability Details
EPSS: 0.1%
Original source: https://github.com/advisories/GHSA-g8r9-g2v8-jv6f
First tracked: March 6, 2026 at 03:00 PM