Insufficiently protected credentials in Visual Studio Code - CVE-2026-47282
Published: July 17, 2026
Visual Studio Code
Detailed vulnerability description
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to insufficiently protected credentials in GitHub Copilot credential handling in Visual Studio Code when opening a malicious file in vscode. A remote attacker can entice a user to open a crafted file to disclose sensitive information.
User interaction is required to open a malicious file.