CVE-2026-21523

High

CVSS 8

Description

Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.

CVSS Score

8/ 10

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Weakness Classification (CWE)

CWE-367CWE-367MITRE

Related Articles (1)

Patch Tuesday, February 2026 Edition

Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six "zero-day" vulnerabilities that attackers are already exploiting in the wild.

Feb 10, 2026

References (1)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21523secure@microsoft.com

Risk Assessment

STANDARD

No elevated risk factors detected.

Details

Severity: High
CVSS: 8
CWE: CWE-367
CISA KEV: No
Articles: 1

Timeline

Published

Feb 10, 2026

External Links

NVD (NIST)CVE Details MITRE CVE