CVE-2026-29783
Arbitrary Code Execution via Bash Expansion in GitHub Copilot CLI
Publication date: 2026-03-06
Last updated on: 2026-03-06
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| github | copilot_cli | < 0.0.423 (all versions before 0.0.423, i.e. up to and including 0.0.422) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
Can you explain this vulnerability to me?
CVE-2026-29783 is a vulnerability in GitHub Copilot CLI versions up to and including 0.0.422 that allows arbitrary code execution through crafted bash parameter expansion patterns. The shell tool's safety assessment misclassifies certain commands as "read-only" when they actually contain embedded executable code via bash parameter expansions such as `${var@P}`, `${var=value}`, `${var:=value}`, `${!var}`, and nested command or process substitutions like `$(cmd)` or `<(cmd)`. These forms run code even when the command word itself (for example `echo` or `cat`) is harmless: `${var@P}` expands the value of `var` as a bash prompt string, which with the default `promptvars` option performs command substitution on that value, so a variable holding `$(cmd)` runs `cmd` without `$(` ever appearing on the command line; `${var=word}` and `${var:=word}` assign and expand `word`, including any `$(cmd)` inside it; `${!var}` reads whichever variable an attacker-controlled value names; and `<(cmd)` runs `cmd` as a process substitution.

An attacker who can influence commands executed by the agent (through prompt injection in repository files, compromised MCP server responses, or crafted user instructions) can exploit these expansions to execute hidden commands. This bypasses the safety checks designed to prevent write operations without user approval.

Successful exploitation can lead to arbitrary code execution on the user's workstation, potentially resulting in data exfiltration, file modification, or further system compromise. The vulnerability was patched in version 0.0.423. [2]
How can this vulnerability impact me?
This vulnerability can have serious impacts including unauthorized arbitrary code execution on your machine. An attacker exploiting this flaw can run hidden commands that appear safe but actually perform malicious actions.
- Data exfiltration: Sensitive information could be stolen.
- File modification: Important files could be altered or corrupted.
- Further system compromise: The attacker could gain deeper access or control over your system.
Exploitation requires no special privileges but does require user interaction to execute the malicious commands. The vulnerability can be triggered via malicious repository content, compromised server responses, or crafted user instructions.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection starts with finding GitHub Copilot CLI installations at version 0.0.422 or earlier, since those are the vulnerable versions. Check the installed version with:

- `copilot --version`

If it reports 0.0.422 or earlier, the installation is vulnerable and should be upgraded.

Additionally, shell command logs, agent session transcripts and scripts can be searched for the dangerous expansion forms: `${var@P}`, `${var=value}`, `${var:=value}`, `${!var}`, and `$(cmd)` or `<(cmd)` nested inside `${...}`. For example, with grep (extended regular expressions, so that `\(` matches a literal parenthesis rather than opening a group as it would in basic regex):

- `grep -rE '\$\{[^}]*@P\}' /path/to/scripts_or_logs`
- `grep -rE '\$\{[A-Za-z_][A-Za-z0-9_]*:?=[^}]*\}' /path/to/scripts_or_logs`
- `grep -rE '\$\{![^}]*\}' /path/to/scripts_or_logs`
- `grep -rE '\$\(' /path/to/scripts_or_logs`
- `grep -rE '<\(' /path/to/scripts_or_logs`

Expect noise: `$(...)` and `${var:=default}` are common in legitimate scripts, and text inside single quotes matches these patterns without ever being expanded by bash, so treat hits as leads to review rather than as evidence of exploitation. [2]
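The following is an added example written for this page, not code from GitHub Copilot CLI or from this advisory's source. It serves both the explanation above (how a command that looks read-only can still run code) and the detection question: a naive classifier that trusts only the command word sits beside a hardened one that also refuses the bash expansions listed, and both are run over constructed command lines. The read-only allowlist, the sample commands, and the `prove_prompt_expansion_runs_code` helper (which needs bash 4.4 or newer on PATH) are assumptions made for the demonstration.

```python
"""Illustrative model of the read-only misclassification behind CVE-2026-29783.

Added example, not GitHub Copilot CLI's implementation. The allowlist and the
sample command lines below are assumptions constructed for the demonstration.
"""
import re
import subprocess

# Hypothetical set of command words a policy treats as read-only (assumption).
READ_ONLY_WORDS = {"cat", "echo", "ls", "grep", "head", "tail", "wc", "printf", "stat"}

# Expansions that execute code or mutate shell state when bash evaluates them,
# even when they sit inside an argument to a harmless command word.
DANGEROUS_EXPANSIONS = {
    # ${var@P} expands the value as a prompt string; with promptvars (default on)
    # that performs command substitution on the value, so the command line
    # itself never needs to contain "$(".
    "prompt expansion ${var@P}": re.compile(r"\$\{[^}]*@P\}"),
    # ${var=word} / ${var:=word} assign and expand word, including any $(...) in it.
    "assigning expansion ${var=word} / ${var:=word}": re.compile(r"\$\{[A-Za-z_]\w*:?=[^}]*\}"),
    # ${!var} reads whichever variable the (possibly attacker-chosen) value names.
    "indirect expansion ${!var}": re.compile(r"\$\{![^}]*\}"),
    # $(...) and arithmetic $((...)) both start with "$(" and both can run code.
    "command or arithmetic substitution $(...)": re.compile(r"\$\("),
    "backquote command substitution": re.compile(r"`"),
    "process substitution <(...) / >(...)": re.compile(r"[<>]\("),
}


def expandable_text(cmd: str) -> str:
    """Return only the parts of cmd that bash would subject to expansion.

    Single-quoted text and backslash-escaped characters are dropped because bash
    never expands them; double-quoted text is kept because parameter expansion,
    command substitution and arithmetic expansion still happen inside it.
    """
    out, state, i = [], None, 0
    while i < len(cmd):
        c = cmd[i]
        if state == "'":
            state = None if c == "'" else state
        elif c == "\\" and i + 1 < len(cmd):
            i += 1  # skip the escaped character as well
        elif state is None and c == "'":
            state = "'"
        elif c == '"':
            state = None if state == '"' else '"'
        else:
            out.append(c)
        i += 1
    return "".join(out)


def naive_is_read_only(cmd: str) -> bool:
    """The flawed shape of check: trusts the command word and rejects only control
    operators, so `echo "${msg@P}"` passes as read-only."""
    words = cmd.split()
    if not words or re.search(r"[;|&]", cmd):
        return False
    return words[0] in READ_ONLY_WORDS


def hardened_is_read_only(cmd: str) -> tuple:
    """Same allowlist, but additionally refuse any expansion that can run code.

    Returns (read_only, reasons); an empty reasons list means nothing was flagged.
    """
    if not naive_is_read_only(cmd):
        return False, ["command word not on the read-only list, or control operator present"]
    text = expandable_text(cmd)
    reasons = [name for name, pat in DANGEROUS_EXPANSIONS.items() if pat.search(text)]
    return (not reasons), reasons


# Constructed sample command lines, not captured from any real session.
SAMPLES = [
    "cat README.md",
    'echo "${msg@P}"',             # with msg='$(cmd)' in the environment, runs cmd
    'echo "${cache:=$(id)}"',
    "ls ${!ref}",
    "grep -q TODO <(git status)",
    "echo '$(id)'",                # single quotes: bash never expands this
    'echo "\\$(id)"',              # backslash escape: never expanded
    'echo "it\'s $(id)"',          # apostrophe inside double quotes is not a quote
]


def classify_all(samples=SAMPLES) -> dict:
    """Map each sample command to (naive verdict, hardened verdict)."""
    return {cmd: (naive_is_read_only(cmd), hardened_is_read_only(cmd)[0]) for cmd in samples}


def prove_prompt_expansion_runs_code() -> str:
    """Ask bash (4.4+) to show that `echo "${msg@P}"` runs the $(...) held in msg.
    Returns the captured stdout; assumes a bash binary on PATH."""
    script = "msg='$(echo CODE-RAN-HERE)'; echo \"${msg@P}\""
    return subprocess.run(["bash", "-c", script], capture_output=True, text=True, check=True).stdout.strip()


if __name__ == "__main__":
    for cmd, (naive, hardened) in classify_all().items():
        print(f"{cmd!r:34} naive={naive!s:5} hardened={hardened}")
    print("bash says:", prove_prompt_expansion_runs_code())
```

Unlike the raw grep commands, `expandable_text` is quote-aware, so `echo '$(id)'` and `echo "\$(id)"` are correctly accepted while `echo "it's $(id)"` is still refused because bash expands inside double quotes. The hardened check fails closed: any flagged expansion means the command is not read-only and should go to the user for approval, which is the behaviour the patched release adopts for these forms.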
What immediate steps should I take to mitigate this vulnerability?
The primary immediate mitigation is to upgrade GitHub Copilot CLI to version 0.0.423 or later, where this vulnerability has been patched.
Version 0.0.423 introduces enhanced detection and blocking of dangerous bash parameter expansions, prompts users for approval on potentially dangerous commands, and hardens system prompts to refuse execution of malicious commands.
Additional mitigation steps include:
- Avoid using untrusted repositories or MCP servers that could inject malicious commands.
- Carefully review shell commands involving complex parameter expansions suggested by the agent before execution.
- Disable or restrict features like the /share gist functionality if not needed, as the patched version blocks this for certain users to prevent unauthorized sharing.
These steps collectively reduce the risk of arbitrary code execution through this vulnerability.