PatchSiren cyber security CVE debrief

CVE-2026-45482 Microsoft CVE debrief

CVE-2026-45482 is a HIGH severity vulnerability with a CVSS score of 8.4. It was published on 2026-06-09T17:17:22.587Z and last modified on 2026-06-09T19:32:51.440Z. The vulnerability is related to an improper limitation of a pathname to a restricted directory, also known as path traversal, in GitHub Copilot and Visual Studio Code. This allows an unauthorized attacker to bypass a security feature locally. The CVE is currently awaiting analysis and is tracked by various sources including [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-45482) and [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-45482). For more information, refer to [ref-4](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45482).

Vendor: Microsoft
Product: Microsoft Visual Studio Code CoPilot Chat Extension
CVSS: HIGH 8.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-09
Original CVE updated: 2026-06-09
Advisory published: 2026-06-09
Advisory updated: 2026-06-09

Who should care

Users of GitHub Copilot and Visual Studio Code should be aware of this vulnerability and take necessary precautions to mitigate the risk.

Technical summary

The vulnerability is caused by an improper limitation of a pathname to a restricted directory, also known as path traversal. This allows an unauthorized attacker to bypass a security feature locally.

Defensive priority

HIGH

Recommended defensive actions

Users should update to the latest version of GitHub Copilot and Visual Studio Code to ensure they have the latest security patches.
Users should be cautious when using GitHub Copilot and Visual Studio Code to avoid potential security risks.

Evidence notes

The vendor of this product is currently listed as Unknown Vendor. However, there is evidence suggesting that the vendor might be Microsoft.

Official resources

CVE-2026-45482 was published on 2026-06-09T17:17:22.587Z and last modified on 2026-06-09T19:32:51.440Z.