CVE-2026-50519
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk41th percentile — higher than 41% of all known CVEs
Summary
The vulnerability in GitHub Copilot and Visual Studio Code is caused by initializing a resource with an insecure default, allowing an unauthorized attacker to disclose information over a network.
Risk Assessment
The organization is at risk of confidential data leakage, which could be intercepted by an attacker without requiring system access privileges.
Recommendation
It is recommended to immediately update GitHub Copilot and Visual Studio Code to the latest version that fixes this vulnerability, and review default security configurations.
Original NVD description (English source)
Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network.

