Microsoft Visual Studio Code Copilot Chat Extension

Recent Microsoft Visual Studio Code Copilot Chat Extension Security Advisories

| Advisory | Title | Published |
| --- | --- | --- |
| CVE-2025-62449 | CVE-2025-62449 Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability | November 11, 2025 |

By the Year

In 2026 there have been 2 vulnerabilities in Microsoft Visual Studio Code Copilot Chat Extension, with an average score of 8.4 out of ten. Last year, in 2025, Visual Studio Code Copilot Chat Extension had 3 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Visual Studio Code Copilot Chat Extension in 2026 could surpass last year's number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.83.

| Year | Vulnerabilities | Average Score |
| --- | --- | --- |
| 2026 | 2 | 8.40 |
| 2025 | 3 | 7.57 |

It may take a day or so for new Visual Studio Code Copilot Chat Extension vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Visual Studio Code Copilot Chat Extension Security Vulnerabilities

Feb 2026: GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability
CVE-2026-21523 8 - High - February 10, 2026

Time-of-check time-of-use (TOCTOU) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.

TOCTTOU

Feb 2026: GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
CVE-2026-21518 8.8 - High - February 10, 2026

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network.

Command Injection

Nov 2025: Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability
CVE-2025-62449 6.8 - Medium - November 11, 2025

Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally.

Directory traversal

Nov 2025: Agentic AI and Visual Studio Code Remote Code Execution Vulnerability
CVE-2025-62222 8.8 - High - November 11, 2025

Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network.

Command Injection

May 2025: Visual Studio Code Security Feature Bypass Vulnerability
CVE-2025-21264 7.1 - High - May 13, 2025

Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

Files or Directories Accessible to External Parties
