CVE-2026-45033

7.8 HIGH

GitHub Copilot CLI brings AI-powered coding assistance directly to your command line

Published: 2026-05-13 · Last updated: 2026-06-02

Severity and scoring

CVSS: 7.8 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-696

Affected products

Vendor	Product
github	copilot-cli

Description

GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.43, a security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git repository nested inside a project directory can achieve arbitrary code execution when the agent performs git operations. By exploiting git's automatic bare repository discovery during directory traversal, an attacker can set core.fsmonitor or other executable config keys to run arbitrary commands without user awareness or approval. The vulnerability arises because git's core.fsmonitor config key (and 15+ similar keys such as core.hookspath, diff.external, merge.tool, etc.) can specify arbitrary shell commands that git will execute as part of normal operations like status, diff, or rev-parse. This vulnerability is fixed in 1.0.43.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-45033
[Vendor advisory]https://github.com/github/copilot-cli/security/advisories/GHSA-9ccr-r5hg-74gf
[Vendor advisory]https://github.com/github/copilot-cli/security/advisories/GHSA-9ccr-r5hg-74gf

Related CVEs

Same vendor

CVE-2026-48501 — GitHub CLI (gh) is GitHub’s official command line tool (7.4 HIGH)
CVE-2026-9312 — A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to... (8.2 HIGH)
CVE-2026-8606 — A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the serve... (5.9 MEDIUM)
CVE-2026-45803 — `gh` is GitHub’s official command line tool (3.5 LOW)
CVE-2026-29783 — The shell tool within GitHub Copilot CLI versions prior to and including 0.0.422 can allow arbitrary code execution through crafted bash ... (7.8 HIGH)

Same CWE

CVE-2026-49318 — Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows ... (2.4 LOW)
CVE-2026-49317 — Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows ... (2.4 LOW)
CVE-2026-44919 — In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:... (4.3 MEDIUM)
CVE-2024-45157 — An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used (5.1 MEDIUM)