Vulnerability Details CVE-2026-23653
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.1%
CVSS Severity
CVSS v3 Score 5.7
Products affected by CVE-2026-23653
-
cpe:2.3:a:microsoft:github_copilot_chat:0.29.0
-
cpe:2.3:a:microsoft:github_copilot_chat:0.29.1
-
cpe:2.3:a:microsoft:github_copilot_chat:0.30.0
-
cpe:2.3:a:microsoft:github_copilot_chat:0.30.1
-
cpe:2.3:a:microsoft:github_copilot_chat:0.30.2
-
cpe:2.3:a:microsoft:github_copilot_chat:0.30.3
-
cpe:2.3:a:microsoft:github_copilot_chat:0.31.0
-
cpe:2.3:a:microsoft:github_copilot_chat:0.31.1
-
cpe:2.3:a:microsoft:github_copilot_chat:0.31.2
-
cpe:2.3:a:microsoft:github_copilot_chat:0.31.3
-
cpe:2.3:a:microsoft:github_copilot_chat:0.31.4
-
cpe:2.3:a:microsoft:github_copilot_chat:0.31.5
-
cpe:2.3:a:microsoft:github_copilot_chat:0.32.0
-
cpe:2.3:a:microsoft:github_copilot_chat:0.32.2
-
cpe:2.3:a:microsoft:github_copilot_chat:0.32.3
-
cpe:2.3:a:microsoft:github_copilot_chat:0.32.4
-
cpe:2.3:a:microsoft:github_copilot_chat:0.32.5
-
cpe:2.3:a:microsoft:github_copilot_chat:0.33.0
-
cpe:2.3:a:microsoft:github_copilot_chat:0.33.1
-
cpe:2.3:a:microsoft:github_copilot_chat:0.33.2
-
cpe:2.3:a:microsoft:github_copilot_chat:0.33.3
-
cpe:2.3:a:microsoft:github_copilot_chat:0.33.4
-
cpe:2.3:a:microsoft:github_copilot_chat:0.33.5
-
cpe:2.3:a:microsoft:github_copilot_chat:0.35.0
-
cpe:2.3:a:microsoft:github_copilot_chat:0.35.1
-
cpe:2.3:a:microsoft:github_copilot_chat:0.35.2
-
cpe:2.3:a:microsoft:github_copilot_chat:0.35.3
-
cpe:2.3:a:microsoft:github_copilot_chat:0.36.0
-
cpe:2.3:a:microsoft:github_copilot_chat:0.36.1
-
cpe:2.3:a:microsoft:github_copilot_chat:0.36.2
-
cpe:2.3:a:microsoft:github_copilot_chat:0.37.0
-
cpe:2.3:a:microsoft:github_copilot_chat:0.37.1
-
cpe:2.3:a:microsoft:github_copilot_chat:0.37.2