Apr 2026: GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability
CVE-2026-23653 Published on April 14, 2026

GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network.

Vendor Advisory NVD

Weakness Type

What is a Command Injection Vulnerability?

The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

CVE-2026-23653 has been classified to as a Command Injection vulnerability or weakness.

Products Associated with CVE-2026-23653

Want to know whenever a new CVE is published for Microsoft Visual Studio Code Copilot Chat Extension? stack.watch will email you.

Microsoft Visual Studio Code Copilot Chat Extension

Affected Versions

Microsoft Visual Studio Code CoPilot Chat Extension:

Version 0.27.0 and below 0.37.3 is affected.

Apr 2026: GitHub Copilot and Visual Studio Code Information Disclosure VulnerabilityCVE-2026-23653 Published on April 14, 2026

Weakness Type

What is a Command Injection Vulnerability?

Products Associated with CVE-2026-23653

Affected Versions

Apr 2026: GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability
CVE-2026-23653 Published on April 14, 2026