GHSA-7vc2-x95v-g6m9HighCVSS 7.5

GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder (without user...

Published
June 22, 2026
Last Modified
June 22, 2026

🔗 CVE IDs covered (1)

📋 Description

GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder (without user approval) via a file-handler URI parameter to fetch_webpage. Therefore, exfiltration could occur if there is indirect prompt injection.

🔗 References (5)