Fixed Intel

CVE-2026-21256

High
CVSS 8.8

Description

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.

CVSS Score

8.8/ 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weakness Classification (CWE)

CWE-77Command InjectionMITRE

Related Articles (1)

Data Breaches

Patch Tuesday, February 2026 Edition

Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six "zero-day" vulnerabilities that attackers are already exploiting in the wild.

Feb 10, 2026

References (1)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21256secure@microsoft.com

Risk Assessment

STANDARD

No elevated risk factors detected.

Details

Severity
High
CVSS
8.8
CWE
CWE-77
CISA KEV
No
Articles
1

Timeline

Published

Feb 10, 2026

External Links

NVD (NIST)CVE DetailsMITRE CVE