VulnWatch VulnWatch
← Back to dashboard
High nvd · CVE-2026-41109

CVE-2026-41109: Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and

Published May 12, 2026 CVSS 8.8

Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network.

Affected AI Products

github copilot copilot
View original source
Get the weekly digest. Every Monday: top AI security stories of the week. Free.