Microsoft has released Visual Studio Code 1.128.1 to patch a security vulnerability that could let attackers steal credentials from GitHub Copilot over a network. The update, published on July 14, 2026, addresses CVE-2026-47282, an information-disclosure flaw that Microsoft says involves insufficiently protected credentials. Every developer running VS Code with Copilot enabled should update immediately—and enterprises need to verify that every installation across their fleet has been patched.
The Vulnerability at a Glance
According to Microsoft’s Security Response Center advisory, CVE-2026-47282 affects all stable releases of Visual Studio Code prior to version 1.128.1. The vulnerability allows an unauthenticated attacker to obtain sensitive information over a network. In plain English: someone on the same network could potentially pluck authentication tokens or other secrets that Copilot uses to interact with GitHub and your private repositories.
The vulnerability is classified as Medium severity with a CVSS 3.1 score of 6.5. That score balances the technical ease of exploitation against impact, but it doesn’t factor in the kind of credentials that might be exposed. For a developer logged into GitHub with access to production code, private repos, or enterprise secrets, a medium-severity rating can translate into a high-impact incident.
Microsoft has not published a detailed technical write-up, proof of concept, or a step-by-step attack scenario. The advisory confirms the weakness class (insufficiently protected credentials) and the network attack vector. Without a public PoC, defenders can’t write specific detection rules—but they can, and should, remove the vulnerable condition entirely by updating.
Who Is Affected
The CVE record lists Visual Studio Code from version 1.0.0 up to, but not including, 1.128.1 as affected. That covers nearly every VS Code installation in use today if it hasn’t already been updated. The fix is contained in VS Code 1.128.1, so installing that version or any subsequent release closes the hole.
Affected installations include:
- System-wide Visual Studio Code installations on Windows, macOS, and Linux.
- Per-user installations—common on Windows machines where VS Code was installed without admin rights.
- Portable copies of VS Code that developers carry on USB drives or store in network folders.
- Pre-release channels such as Insiders builds are not explicitly listed but should be assumed affected until Microsoft clarifies.
- VS Code instances running inside cloud PCs, virtual desktops, or containerized development environments.
If you use GitHub Copilot inside VS Code, you are squarely in the blast radius. The advisory names both products jointly, signaling that the vulnerability lies in how Copilot’s credentials are handled within the editor—not in a standalone Windows component. Do not assume that installing the latest Windows cumulative update will fix this; the patch is for the application itself.
Why This Matters for Developers and Admins
Copilot operates in a context rich with authentication state. It has access to your GitHub identity, the workspace you have open, any extensions you use, and potentially environment variables or configured tokens. If an attacker can steal the credential that Copilot uses to communicate with GitHub, they could:
- Clone private repositories your account can access.
- Read sensitive source code, internal documentation, or infrastructure-as-code files.
- Identify other services your GitHub account is linked to and pivot from there.
- Generate malicious code suggestions that could introduce further vulnerabilities if the token session is still active.
For enterprise administrators, the risk is even higher. A developer’s GitHub token often has broad access to the organization’s repositories, CI/CD pipelines, and package registries. An exposed token could become a stepping stone into the wider corporate network.
The medium CVSS score shouldn’t lull anyone into complacency. CVSS is a measurement of exploitability and technical impact under standard conditions; it does not account for the business value of the data at risk. A stolen credential that unlocks a company’s entire source code repository is a critical event regardless of the score.
Moreover, because the attack vector is network-based, an attacker does not need to have logged into the developer’s machine. Being on the same local network—typically an easy condition to meet in coffee shops, co-working spaces, or corporate offices with guest Wi-Fi—could be enough.
How to Patch and Verify
For individual developers:
- Open Visual Studio Code.
- Go to Help > Check for Updates (or use the Command Palette and run “Search for Updates”).
- The editor should download and prompt you to restart to install version 1.128.1 or later.
- After restart, confirm the version by running
code --versionin a terminal or checking Help > About. You should see1.128.1or higher.
If you have multiple VS Code installations—for example, Stable and Insiders—update each separately. Portable installations need to be replaced manually with the latest download from the VS Code website.
If you use Remote Development extensions (SSH, Containers, WSL), updating the local VS Code client is what counts for this vulnerability. However, you should also ensure that the VS Code Server component on the remote host is updated, which typically happens automatically when you reconnect with an updated client.
For IT administrators managing fleets:
- Identify every device with VS Code installed. Don’t rely solely on your software inventory if users have per-user or portable copies.
- For managed deployments (Intune, Configuration Manager, winget), push the latest approved package.
- For virtual desktop images (Windows 365 Cloud PCs, Azure Virtual Desktop, golden images), update the base image and redeploy.
- Verify the version on a per-machine basis. A device that reports “all OS patches installed” is not safe here; you must check the VS Code application version.
- Record the installed channel (Stable vs. Insiders), exact version, and whether Copilot is enabled for each endpoint. This inventory will speed future incident response.
Microsoft has not identified any temporary mitigations or workarounds. Disabling Copilot might reduce risk, but without technical details it’s unclear whether that fully removes the attack surface. The most reliable action is to upgrade.
Beyond the Patch: Securing Your Credentials
If you ran an older version of VS Code with Copilot active, consider the possibility that your credentials were already leaked. Look for suspicious activity:
- In GitHub: check your account’s security log for unusual repository clones, new SSH keys, unexpected OAuth authorizations, or changes to personal access tokens.
- In your organization’s audit logs: look for anomalous access to private repos, package downloads, or modifications to branch protection rules.
- On your machine: be alert for unexpected network connections or unusual processes, though the vulnerability’s network vector makes local forensic artifacts less likely.
If you see anything suspicious, revoke the affected tokens immediately. Generate new GitHub personal access tokens with the narrowest scope necessary. If you use SSH keys for Git operations, those were likely not exposed, but rotating them is a prudent precaution.
Long-term, developers should avoid using long-lived, broad-scoped tokens where short-lived or fine-grained alternatives exist. GitHub’s own documentation recommends using fine-grained personal access tokens and, where possible, OAuth apps with limited permissions. This incident is a reminder that even tools you trust can become a liability if they hold credentials they don’t need.
The Bigger Picture
CVE-2026-47282 is not the first vulnerability to emerge from the collision of AI-assisted coding tools and traditional security boundaries. As Copilot and similar assistants become more deeply integrated into development environments, they inherit the authentication context of the editor. That makes them attractive targets.
Microsoft’s advisory is clear but sparse. The absence of a detailed attack primer means defenders can’t yet build precise detections, but it doesn’t diminish the need for swift patching. The company published the CVE on a Tuesday—its standard Patch Tuesday cadence—and the fix was likely included in the normal monthly release of VS Code.
Developers should get used to treating VS Code updates with the same urgency as operating system patches. For enterprises, this means incorporating code editor updates into existing vulnerability management processes, not leaving them to individual developer discretion. The days of viewing a code editor as a low-risk, user-managed tool are over.
Watch for two things in the coming weeks: any updates to the MSRC advisory that add technical depth or indicators, and any reports of in-the-wild exploitation. For now, the message is simple: update to VS Code 1.128.1, verify you’re no longer vulnerable, and consider a quick audit of your GitHub credentials. The patch is free, the update takes minutes, and the alternative is a credential leak you didn’t see coming.