HIGH
GitHub
CVE published 2026-03-06
CVE-2026-29783
CVE-2026-29783 describes an arbitrary code execution issue in the shell tool used by GitHub Copilot CLI. In affected versions, up to and including 0.0.422, crafted bash parameter expansion patterns could make a command appear "read-only" to the safety layer while still embedding executable behavior. GitHub states the issue is fixed in 0.0.423.