CVE-2026-29783
Gravedad CVSS v4.0:
ALTA
Tipo:
CWE-78
Neutralización incorrecta de elementos especiales usados en un comando de sistema operativo (Inyección de comando de sistema operativo)
Fecha de publicación:
06/03/2026
Última modificación:
06/03/2026
Descripción
*** Pendiente de traducción *** The shell tool within GitHub Copilot CLI versions prior to and including 0.0.422 can allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent (e.g., via prompt injection through repository files, MCP server responses, or user instructions) can exploit bash parameter transformation operators to execute hidden commands, bypassing the safety assessment that classifies commands as "read-only." This has been patched in version 0.0.423. <br />
<br />
The vulnerability stems from how the CLI&#39;s shell safety assessment evaluates commands before execution. The safety layer parses and classifies shell commands as either read-only (safe) or write-capable (requires user approval). However, several bash parameter expansion features can embed executable code within arguments to otherwise read-only commands, causing them to appear safe while actually performing arbitrary operations.<br />
<br />
The specific dangerous patterns are ${var@P}, ${var=value} / ${var:=value}, ${!var}, and nested $(cmd) or
Impacto
Puntuación base 4.0
7.50
Gravedad 4.0
ALTA