CVE-2026-23653

MEDIUM

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network.

CVSS v3.1 Score

5.7

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Complexity

LOW

Privileges

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Published: 4/14/2026Modified: 5/6/2026

Related Intelligence (0)

No articles currently reference this CVE.

References (1)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23653Vendor Advisory