VYPR
High severity8.8NVD Advisory· Published May 12, 2026· Updated May 15, 2026

CVE-2026-41109

CVE-2026-41109

Description

Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network.

Affected products

3

Patches

Vulnerability mechanics

References

1

News mentions

2