CVE Catalog

CVE-2026-45482

HighCVSS 8.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.35%

27th percentile - higher than 27% of all known CVEs

Summary

A path traversal vulnerability in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

Risk Assessment

An attacker with local access could read files outside the restricted directory, potentially leading to sensitive data disclosure or privilege escalation.

Recommendation

Immediately update GitHub Copilot and Visual Studio Code to the latest patched versions.

Original NVD description (English source)

Improper limitation of a pathname to a restricted directory ('path traversal') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS