CVE-2026-47282: Update VS Code to 1.128.1 to Protect Copilot Credentials

CVE-2026-47282 exposes insufficiently protected credentials in GitHub Copilot and Visual Studio Code, potentially allowing an unauthenticated attacker to obtain sensitive information over a network. Microsoft published the vulnerability on July 14, 2026, and the available CVE data identifies Visual Studio Code versions earlier than 1.128.1 as affected.
The immediate action is straightforward: update Visual Studio Code to version 1.128.1 or later, then verify the installed build rather than assuming the editor’s background updater has completed. Microsoft’s Security Response Center describes the issue as an information-disclosure vulnerability involving credentials, while the CVE record assigns it a CVSS 3.1 base score of 6.5, placing it in the Medium severity band.
The advisory names both GitHub Copilot and Visual Studio Code, but Microsoft has not publicly provided a detailed attack walkthrough, proof of concept, or a precise description of which credential type may be exposed. That lack of detail limits defensive investigation, but it does not reduce the need to patch machines where Copilot can access private repositories, source code, development services, or enterprise accounts.

A cybersecurity workstation displays code, a threat dashboard, and a high-severity GitHub Copilot vulnerability alert.The Fix Lands in Visual Studio Code 1.128.1​

Structured CVE data published alongside Microsoft’s advisory lists Visual Studio Code from version 1.0.0 up to, but not including, version 1.128.1 as affected. That makes 1.128.1 the minimum known fixed release and gives administrators a concrete compliance threshold.
Users can check the installed version through Visual Studio Code’s About dialog or by running:
code --version
On managed Windows devices, administrators should validate the result through their software inventory platform. Checking the deployment package alone is insufficient if users have per-user installations, portable copies, older virtual desktop images, or side-by-side Stable and Insiders builds.
Visual Studio Code normally updates itself, but updates can remain unapplied while the editor is running. Long-lived development workstations are particularly prone to this condition because developers may keep editor windows, terminals, debugging sessions, and remote connections open for days.
Organizations should account for every supported distribution path:
  • System-wide Visual Studio Code installations should report version 1.128.1 or newer.
  • Per-user installations under individual Windows profiles should be inventoried separately.
  • Golden images, developer virtual machines, Windows 365 Cloud PCs, and Azure Virtual Desktop hosts should be updated before their next deployment.
  • Portable and disconnected installations require a deliberate replacement or upgrade.
  • Remote development endpoints should be checked for related components left behind by older clients.
The advisory’s GitHub Copilot wording also means teams should not treat this as a generic editor bug with no bearing on AI features. Copilot operates inside a development environment rich in authentication state, repository context, extension APIs, workspace files, terminals, and network connections. A credential-handling failure in that environment has different consequences from the disclosure of an ordinary application preference.

A Medium Score Can Still Carry Expensive Consequences​

CVE-2026-47282 is categorized under weaknesses associated with insufficiently protected credentials and information exposure. The published description says an unauthorized attacker could disclose information over a network, indicating that the risk is not limited to someone already logged on locally.
The CVSS score of 6.5 should guide prioritization, not become an excuse for delay. CVSS measures the technical characteristics of exploitation and impact; it does not know whether the exposed credential belongs to a personal test account, an organization-wide GitHub identity, or a developer with access to production infrastructure.
For many Windows development environments, credentials can become stepping stones. A token associated with a private repository may reveal proprietary source code, internal documentation, workflow definitions, package registry details, or secrets that were mistakenly committed. Access to development tooling can also help an attacker identify build systems and higher-value accounts for subsequent targeting.
Microsoft’s title joins GitHub Copilot and Visual Studio Code rather than identifying a standalone Windows component. Consequently, this issue will not necessarily be resolved by installing the July Windows cumulative update. Administrators need to update the application itself and confirm that their normal Windows patch reports are not overlooking it.
That distinction matters in enterprises where Visual Studio Code is installed through Microsoft Intune, Configuration Manager, winget, a private package repository, or user self-service. A Windows endpoint can be fully compliant with operating-system updates while still running a vulnerable editor.

Public Detail Is Confirmed but Narrow​

Microsoft is the assigning CVE Numbering Authority for CVE-2026-47282, and the vulnerability is presented as confirmed rather than speculative. In CVSS terminology, report confidence reflects whether a weakness has been substantiated by technical evidence or acknowledged by the vendor; it does not indicate how easy the issue is to exploit.
The public record currently confirms the weakness class, network exposure, information-disclosure impact, affected Visual Studio Code range, and fixed version. It does not explain the vulnerable protocol flow, the credential storage mechanism, the attacker-controlled input, or whether exploitation requires a developer to open particular content or interact with a remote service.
That creates a familiar security-advisory gap: defenders have enough information to remediate, but not enough to build a high-confidence detection rule. Teams should resist filling that gap with assumptions about prompt injection, malicious repositories, rogue extensions, or compromised language-model servers. Those are plausible threat categories around AI-enabled editors, but Microsoft has not established them as the mechanism behind this CVE.
The absence of a published proof of concept also does not establish that exploitation is impossible. It means defenders should focus on version compliance while monitoring Microsoft and GitHub for revisions to the advisory, additional indicators, or a more detailed technical write-up.

Enterprise Response Should Extend Beyond the Upgrade​

Updating Visual Studio Code closes the known vulnerable condition, but security teams may need additional work where developers handle valuable credentials. If a machine was exposed during the vulnerable period and shows suspicious activity, incident responders should consider whether authentication material available to Visual Studio Code or GitHub Copilot requires revocation.
That decision should be evidence-driven. Useful sources include GitHub audit logs, unusual repository clones, unexpected OAuth authorization activity, new personal access tokens, anomalous package downloads, unfamiliar source IP addresses, and access to repositories outside a developer’s normal working set.
Organizations can reduce the blast radius by ensuring developers do not use broad, long-lived tokens where narrowly scoped or short-lived credentials are supported. Copilot and VS Code deployments should also be governed alongside other developer tools rather than excluded from application patching because they are installed and updated by users.
Security teams should record at least four facts for each managed endpoint: the installed VS Code channel, exact version, installation scope, and whether GitHub Copilot is enabled. That inventory will make it possible to distinguish patched Stable installations from neglected portable copies or separate pre-release channels.
Visual Studio Code 1.128.1 is the practical remediation boundary. Until Microsoft publishes deeper technical details, the safest course is to upgrade every affected installation, verify the version on disk, and treat suspicious post-exposure account activity as a potential credential incident rather than merely an editor defect.

References​

  1. Primary source: MSRC
    Published: 2026-07-14T07:00:00-07:00
  2. Official source: docs.github.com
 

Back
Top