CVE Catalog

CVE-2026-50519

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.53%

41th percentile — higher than 41% of all known CVEs

Summary

The vulnerability in GitHub Copilot and Visual Studio Code is caused by initializing a resource with an insecure default, allowing an unauthorized attacker to disclose information over a network.

Risk Assessment

The organization is at risk of confidential data leakage, which could be intercepted by an attacker without requiring system access privileges.

Recommendation

It is recommended to immediately update GitHub Copilot and Visual Studio Code to the latest version that fixes this vulnerability, and review default security configurations.

Original NVD description (English source)

Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS