CVE-2026-23653

MEDIUM WAF: High

CVSS 5.7 Published: 2026-04-14

CWE-77

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network.

WAF Coverage Analysis

Command Injection High WAF Coverage

OWASP: A03:2021 Injection

932xxx - Remote Code Execution

References

msrc.microsoft.com

Back to CVE Database