CVE-2025-66389 is a vulnerability in GitHub Copilot 1.372.0 that allows filesystem access outside of the workspace folder without user approval. It is reached through a file-handler URI supplied as a parameter to fetch_webpage, and in combination with an indirect prompt injection it could be used to exfiltrate local files. The CVE was published on June 22, 2026. Affected users should review and update their installations to mitigate potential risks [truncated]
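As an added example (not Copilot's own code), the following Python shows the check a fetch-style tool should run on its URL parameter before acting on it: remote http(s) targets are fetched, local paths are resolved and confined to the workspace, a local path that escapes the workspace is bounced to the user for approval, and every other scheme is denied. The three decision tiers, the workspace path, and the function names are assumptions made for illustration; the page does not say how the fix was implemented.

```python
from pathlib import Path
from urllib.parse import unquote, urlparse

# Assumed policy (illustrative, not the Copilot implementation):
#   http/https                       -> fetched as a web page
#   file: URL or bare path inside ws -> allowed
#   file: URL or bare path outside   -> requires explicit user approval
#   any other scheme                 -> denied
ALLOWED_REMOTE_SCHEMES = {"http", "https"}


def classify_fetch_target(url: str, workspace: Path) -> tuple[str, str]:
    """Return (decision, reason); decision is 'allow', 'require_approval' or 'deny'."""
    parsed = urlparse(url.strip())
    scheme = parsed.scheme.lower()  # 'FILE:' and 'file:' are the same scheme

    if scheme in ALLOWED_REMOTE_SCHEMES:
        if not parsed.hostname:
            return ("deny", "remote URL without a host")
        return ("allow", "remote fetch")

    if scheme == "file":
        # file://host/path with a real host is a network share reference, not a local file
        if parsed.netloc not in ("", "localhost"):
            return ("deny", "file URL with a remote host part")
        local_path = unquote(parsed.path)  # decode %2e%2e and friends before any path check
    elif scheme == "":
        local_path = unquote(url.strip())  # bare path, treated as a local file reference
    else:
        return ("deny", f"unsupported scheme {scheme!r}")

    root = workspace.resolve()
    candidate = Path(local_path) if local_path.startswith("/") else workspace / local_path
    # resolve() collapses '..' and follows any symlinks that exist, so the containment
    # test below is made on the path the OS would actually open.
    resolved = candidate.resolve()
    # Component-wise containment, not a string prefix test: /srv/workspace2/x must not
    # pass for a workspace of /srv/workspace.
    if resolved.is_relative_to(root):
        return ("allow", f"workspace file {resolved}")
    return ("require_approval", f"local file outside workspace: {resolved}")


if __name__ == "__main__":
    ws = Path("/srv/workspace")  # assumed workspace root
    for target in ("https://example.com/docs",
                   "file:///srv/workspace/src/app.py",
                   "file:///srv/workspace/%2e%2e/%2e%2e/etc/passwd",
                   "FILE:///etc/passwd",
                   "ftp://example.com/x"):
        print(f"{target:55} -> {classify_fetch_target(target, ws)}")
```

The decision is taken on the resolved path, after percent-decoding and symlink resolution, so neither `%2e%2e` nor a symlink planted inside the workspace can move the read outside it silently. Any path that lands outside the workspace is not rejected outright but routed to the approval prompt, which is the behaviour the advisory describes as missing.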
A critical server-side request forgery (SSRF) vulnerability in GitHub Enterprise Server allowed unauthenticated attackers to redirect internal API calls by injecting path traversal sequences into upload endpoint parameters. The flaw, rooted in insufficient input validation, enabled access to internal services and potential credential exposure. GitHub resolved this across multiple release branches; adminis [truncated]
A Server-Side Request Forgery (SSRF) vulnerability in GitHub Enterprise Server's security advisories package lookup feature allowed attackers to direct HTTP requests to internal services. By targeting an internal management service and analyzing response timing, attackers could infer sensitive environment variable values including signing secrets and private keys. The vulnerability required GitHub Package [truncated]
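The two GitHub Enterprise Server SSRF entries above share a root cause: untrusted input (a traversal sequence in an upload parameter, a package name in the advisory lookup) ends up in a URL that the server then requests on the attacker's behalf. The Python below, added here as an illustration and not GitHub's code, shows the two checks a practitioner would put on that path: the internal URL is built only from allowlisted segments on a fixed base, and no request is sent to a destination that resolves to a loopback, private, link-local (cloud metadata) or otherwise non-global address. The base URL, the segment grammar and the function names are assumptions.

```python
import ipaddress
import re
import socket
from urllib.parse import urlparse

# Assumed identifier grammar for a value that is interpolated into an internal URL path.
# It has no '/', '\\', '%', '?', '#' or whitespace, so a value cannot change the URL's structure.
SEGMENT_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._+-]{0,127}$")


def safe_segment(value: str) -> str:
    """Accept one untrusted path segment only if it matches the grammar; '..', 'a/b', '%2e%2e' all fail."""
    if not SEGMENT_RE.match(value):
        raise ValueError(f"rejected path segment: {value!r}")
    return value


def build_internal_url(base: str, *segments: str) -> str:
    """Join validated segments onto a fixed base and verify the result still lives under that base."""
    url = base.rstrip("/") + "/" + "/".join(safe_segment(s) for s in segments)
    b, u = urlparse(base), urlparse(url)
    if (u.scheme, u.netloc) != (b.scheme, b.netloc) or not u.path.startswith(b.path.rstrip("/") + "/"):
        raise ValueError("constructed URL escaped its base")  # belt and braces
    return url


def is_forbidden_ip(ip: str) -> bool:
    """True for any address an outbound request must never reach from inside the deployment:
    loopback, RFC 1918 / ULA, link-local (including 169.254.169.254), CGNAT, multicast, reserved."""
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # ::ffff:127.0.0.1 is still loopback
    return not addr.is_global


def resolve_and_check(host: str) -> list[str]:
    """Resolve host and return its addresses; raise if any one of them is forbidden.
    All-or-nothing: a name with one public and one internal record is still rejected."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    addrs = sorted({info[4][0] for info in infos})
    bad = [a for a in addrs if is_forbidden_ip(a)]
    if bad:
        raise ValueError(f"{host} resolves to forbidden address(es): {bad}")
    return addrs


if __name__ == "__main__":
    base = "http://advisory-svc.internal/packages"  # assumed internal base URL
    print(build_internal_url(base, "npm", "lodash"))
    for bad in ("../admin", "%2e%2e%2fadmin", "lodash?x=1"):
        try:
            build_internal_url(base, bad)
        except ValueError as e:
            print("blocked:", e)
    for ip in ("127.0.0.1", "169.254.169.254", "::ffff:10.0.0.1", "8.8.8.8"):
        print(ip, "forbidden" if is_forbidden_ip(ip) else "ok")
```

Two points matter in practice. The destination check must be made on the resolved address and the connection then pinned to that same address, otherwise a DNS name can answer with a public record for the check and an internal one for the connection. And a rejected destination must fail uniformly before anything is sent, so that a caller cannot time the internal service's response the way the advisory lookup issue allowed.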
CVE-2026-29783 describes an arbitrary code execution issue in the shell tool used by GitHub Copilot CLI. In affected versions prior to and including 0.0.422, crafted bash parameter expansion patterns could make a command appear "read-only" to the safety layer while still embedding executable behavior. GitHub states the issue is fixed in 0.0.423.
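Added example, not the Copilot CLI code: a "read-only command" classifier of the shape the advisory describes, first in a naive form that looks only at the leading command word, then in a hardened form that also scans for constructs bash will execute while expanding the command line. Bash runs the command substitution inside `${VAR:-$(...)}` whenever VAR is unset or empty, so a line whose first word is `echo` or `cat` can still execute arbitrary code. The allowlist, the CONFIG_DIR variable name and the particular `${VAR:-$(...)}` pattern are assumptions used to illustrate the class of bypass; the exact patterns involved in CVE-2026-29783 are not given on this page.

```python
import os
import shlex
import shutil
import subprocess
from typing import Optional

# Assumed allowlist of "read-only" command words (illustrative; the real safety layer's list is not on this page).
READ_ONLY_COMMANDS = {"cat", "ls", "head", "tail", "grep", "wc", "echo", "stat"}


def naive_is_read_only(cmd: str) -> bool:
    """'Before' logic: classify by the first word only. Never looks inside ${...} expansions."""
    try:
        words = shlex.split(cmd)
    except ValueError:  # unbalanced quotes
        return False
    return bool(words) and words[0] in READ_ONLY_COMMANDS


def hidden_execution(cmd: str) -> Optional[str]:
    """Scan cmd the way bash will read it and return the first construct that can run a command
    or write, or None. Only single quotes make text inert: $(...) and backticks still expand inside
    double quotes and inside ${VAR:-...}, ${VAR:=...}, ${VAR:+...} and similar expansions."""
    quote = None
    i = 0
    while i < len(cmd):
        c = cmd[i]
        if quote == "'":
            if c == "'":
                quote = None
            i += 1
            continue
        if c == "\\":
            i += 2  # backslash-escaped character is literal, both unquoted and inside double quotes
            continue
        if quote == '"':
            if c == '"':
                quote = None
            elif cmd.startswith("$(", i) or c == "`":
                return "command substitution"
            i += 1
            continue
        if c in "'\"":
            quote = c
        elif cmd.startswith("$(", i) or c == "`":
            return "command substitution"
        elif cmd.startswith("<(", i) or cmd.startswith(">(", i):
            return "process substitution"
        elif c in ";|&>\n":
            return f"unquoted control or redirection operator {c!r}"
        i += 1
    if quote is not None:
        return "unterminated quote"
    return None


def hardened_is_read_only(cmd: str) -> bool:
    """Allowlisted first word AND nothing in the line that bash would execute or write while expanding it."""
    return naive_is_read_only(cmd) and hidden_execution(cmd) is None


def bash_expansion_output(cmd: str) -> Optional[str]:
    """Run cmd under bash with CONFIG_DIR unset, so ${CONFIG_DIR:-$(...)} takes its fallback branch.
    Returns stdout, or None when bash is not installed."""
    if shutil.which("bash") is None:
        return None
    env = {"PATH": os.environ.get("PATH", "/usr/bin:/bin")}  # minimal env: CONFIG_DIR is not set
    return subprocess.run(["bash", "-c", cmd], capture_output=True, text=True, env=env).stdout


if __name__ == "__main__":
    crafted = "echo ${CONFIG_DIR:-$(id)}"  # first word is 'echo', yet $(id) runs because CONFIG_DIR is unset
    print("naive:", naive_is_read_only(crafted), "hardened:", hardened_is_read_only(crafted))
    print("reason:", hidden_execution(crafted))
    print("bash actually produced:", bash_expansion_output(crafted))
```

The hardened check is deny-by-default on the text: any unquoted or double-quoted `$(`, backtick, process substitution, command separator or output redirection disqualifies the line, regardless of which word it starts with. A scanner like this is still a stopgap; the durable fix for a tool that runs model-generated shell is to execute it in a sandbox whose filesystem and network policy does not depend on classifying the command text at all.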