Api.Msrc.Microsoft
Command Injection Vulnerability in GitHub Copilot and Windows Notepad
First seen 12 Feb 2026, 21:16 UTC
•
•81% similarity
•13.6
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
A command injection vulnerability has been identified in GitHub Copilot, Visual Studio, and the Windows Notepad app, allowing unauthorized attackers to execute code over a network. The issue arises from improper neutralization of special elements used in commands. A proof of concept for CVE-2026-20841 was made public shortly after its publication.
ThreatCluster AI
Timeline
2026-02-10
CVE-2026-20841 published
2026-02-10
CVE-2026 published for GitHub Copilot and Visual Studio
2026-02-11
First public PoC for CVE-2026-20841 released