Command Injection Vulnerability in GitHub Copilot and Windows Notepad

Command Injection Vulnerability in GitHub Copilot and Windows Notepad

First seen 12 Feb 2026, 21:16 UTC Api.Msrc.MicrosoftCve 81% similarity 13.6

Article Content

Browse articles
ThreatCluster

A command injection vulnerability has been identified in GitHub Copilot, Visual Studio, and the Windows Notepad app, allowing unauthorized attackers to execute code over a network. The issue arises from improper neutralization of special elements used in commands. A proof of concept for CVE-2026-20841 was made public shortly after its publication.

ThreatCluster AI

Timeline

2026-02-10
CVE-2026-20841 published
2026-02-10
CVE-2026 published for GitHub Copilot and Visual Studio
2026-02-11
First public PoC for CVE-2026-20841 released

Community

Browse all →