PatchSiren cyber security CVE debrief
CVE-2026-29783 GitHub CVE debrief
CVE-2026-29783 describes an arbitrary code execution issue in the shell tool used by GitHub Copilot CLI. In affected versions prior to and including 0.0.422, crafted bash parameter expansion patterns could make a command appear "read-only" to the safety layer while still embedding executable behavior. GitHub states the issue is fixed in 0.0.423.
- Vendor: GitHub
- Product: Copilot Command Line Interface
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-06
- Original CVE updated: 2026-05-18
- Advisory published: 2026-03-06
- Advisory updated: 2026-05-18
Who should care
Organizations and users running GitHub Copilot CLI, especially in workflows where the agent can process untrusted repository content, MCP server responses, or user-supplied instructions. This is most relevant when Copilot CLI is allowed to execute shell commands on a workstation or build environment.
Technical summary
The vulnerability is a command-safety bypass in the shell tool’s pre-execution assessment. According to the source description, the safety layer classifies shell commands as read-only or write-capable, but certain bash parameter expansion forms can hide executable behavior inside commands that otherwise look safe. The advisory highlights patterns such as ${var@P}, ${var=value} / ${var:=value}, ${!var}, and nested $(cmd) or <(cmd) within ${...} expansions. The issue is mapped to CWE-78 and affects GitHub Copilot CLI versions earlier than 0.0.423.
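As an added illustration (not code from GitHub or from the Copilot CLI project), this is the kind of gate a command-safety layer needs: before a command can be classified as read-only, every ${...} expansion is scanned for the forms listed above, including ones nested inside other expansions. The regexes, the helper names and the sample commands are my own assumptions and constructed inputs; backtick substitution is included alongside $(cmd) and <(cmd) as a conservative extension.

```python
import re

# Expansion forms the advisory names as able to hide executable behaviour inside
# a command that otherwise looks read-only. The regexes are my own approximation
# of bash syntax, not code from the Copilot CLI project.
RISKY_FORMS = (
    (re.compile(r"^!"), "indirect expansion"),                                # ${!var}
    (re.compile(r"^[A-Za-z_]\w*(\[[^\]]*\])?:?="), "assignment side effect"),  # ${var=v} ${var:=v}
    (re.compile(r"^[A-Za-z_]\w*(\[[^\]]*\])?@P$"), "prompt-string expansion (@P)"),  # ${var@P}
)
NESTED = re.compile(r"\$\(|<\(|`")      # $(cmd), <(cmd) or `cmd` inside ${...}
NESTED_REASON = "nested command/process substitution"

def _expansions(cmd):
    """Yield the inner text of every ${...} in cmd, nested ones included."""
    i = 0
    while i < len(cmd):
        if not cmd.startswith("${", i):
            i += 1
            continue
        depth, j = 0, i + 1
        while j < len(cmd):                  # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(cmd[j], 0)
            if depth == 0:
                break
            j += 1
        inner = cmd[i + 2:j]
        yield inner
        yield from _expansions(inner)        # recurse into ${...} within ${...}
        i = j + 1

def assess_expansions(cmd):
    """Return [(expansion, reason), ...]; empty means no risky form was seen."""
    findings = []
    for inner in _expansions(cmd):
        span = "${" + inner + "}"
        findings += [(span, reason) for pattern, reason in RISKY_FORMS if pattern.search(inner)]
        if NESTED.search(inner):             # checked independently of the forms above
            findings.append((span, NESTED_REASON))
    return findings

def is_read_only_candidate(cmd):
    """Gate: a command with any risky expansion must not be classified read-only."""
    return not assess_expansions(cmd)

if __name__ == "__main__":
    # Constructed samples: only the first one should pass the gate.
    for sample in ('cat "${HOME}/README.md"', 'cat "${FILE:=notes.txt}"',
                   'echo "${!ref}"', 'echo "${MSG@P}"', 'cat "${a:-${b@P}}"'):
        print(sample, "->", assess_expansions(sample) or "no risky expansion")
```

Passing this gate is necessary, not sufficient: the command still has to pass whatever read-only classification the safety layer applies to the command name and arguments themselves.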
Defensive priority
High. The issue can lead to arbitrary code execution when the agent is influenced by untrusted input, and the reported CVSS score is 7.5 (HIGH).
Recommended defensive actions
- Upgrade GitHub Copilot CLI to version 0.0.423 or later.
- Verify deployed versions and remove or replace any installation at 0.0.422 or earlier.
- Treat repository content, MCP responses, and prompt text as untrusted inputs when Copilot CLI can execute shell commands.
- Review the GitHub security advisory and release notes for the fixed version before re-enabling broad agent command execution.
Evidence notes
Source material includes the NVD CVE record and GitHub references. The CVE was published on 2026-03-06 and modified on 2026-05-18. NVD lists the vulnerable CPE criteria for github:copilot_command_line_interface as ending before 0.0.423, and the advisory references the fixed release v0.0.423 plus the GitHub security advisory GHSA-g8r9-g2v8-jv6f. The CVSS vector provided by NVD indicates HIGH severity with user interaction required.
Official resources
- CVE-2026-29783 CVE record (CVE.org)
- CVE-2026-29783 NVD detail (NVD)
- Mitigation or vendor reference: Release Notes
- Mitigation or vendor reference: Exploit, Vendor Advisory
Publicly disclosed on 2026-03-06; NVD entry last modified on 2026-05-18.