VYPR
Medium severity5.7NVD Advisory· Published Apr 14, 2026· Updated May 6, 2026

CVE-2026-23653

CVE-2026-23653

Description

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network.

Affected products

3

Patches

Vulnerability mechanics

References

1

News mentions

1