Description
GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.43, a security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git repository nested inside a project directory can achieve arbitrary code execution when the agent performs git operations. By exploiting git's automatic bare repository discovery during directory traversal, an attacker can set core.fsmonitor or other executable config keys to run arbitrary commands without user awareness or approval. The vulnerability arises because git's core.fsmonitor config key (and 15+ similar keys such as core.hookspath, diff.external, merge.tool, etc.) can specify arbitrary shell commands that git will execute as part of normal operations like status, diff, or rev-parse. This vulnerability is fixed in 1.0.43.
Published: 2026-05-13
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises when GitHub Copilot CLI discovers a malicious nested bare Git repository and unintentionally executes arbitrary shell commands specified in configuration keys such as core.fsmonitor. This flaw, classified under CWE‑696, enables an attacker to run any command during regular Git operations like status or diff, potentially leading to full code execution without user approval.

Affected Systems

GitHub Copilot CLI versions before 1.0.43 are affected. Any installation of the CLI that allows a user or process to create or modify nested bare repositories inside a workspace is at risk.

Risk and Exploitability

With a CVSS score of 8.5, the vulnerability is considered high severity. Although the EPSS score is not available, the direct exploitation path—placing a bare repository with malicious config keys—is straightforward for users with write access to the repository’s directory. The flaw is not currently listed in the CISA KEV catalog, but its high impact and ease of exploitation suggest that it could be leveraged in both local and service contexts where the CLI runs with elevated privileges.

Generated by OpenCVE AI on May 13, 2026 at 17:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade GitHub Copilot CLI to version 1.0.43 or later.
  • Disable or remove any Git configuration keys that allow arbitrary command execution, such as core.fsmonitor, core.hookspath, diff.external, merge.tool, and the 15 other similar keys, in all affected repositories.
  • Ensure that no nested bare repositories are present in the project directories accessed by the CLI, or restrict write access to those directories to trusted users only.

Generated by OpenCVE AI on May 13, 2026 at 17:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-9ccr-r5hg-74gf GitHub Copilot CLI: Nested Bare Repository Can Execute Arbitrary Commands via core.fsmonitor
History

Thu, 14 May 2026 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Github
Github copilot
Vendors & Products Github
Github copilot

Wed, 13 May 2026 16:15:00 +0000

Type Values Removed Values Added
Description GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.43, a security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git repository nested inside a project directory can achieve arbitrary code execution when the agent performs git operations. By exploiting git's automatic bare repository discovery during directory traversal, an attacker can set core.fsmonitor or other executable config keys to run arbitrary commands without user awareness or approval. The vulnerability arises because git's core.fsmonitor config key (and 15+ similar keys such as core.hookspath, diff.external, merge.tool, etc.) can specify arbitrary shell commands that git will execute as part of normal operations like status, diff, or rev-parse. This vulnerability is fixed in 1.0.43.
Title GitHub Copilot CLI: Nested Bare Repository Can Execute Arbitrary Commands via core.fsmonitor
Weaknesses CWE-696
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Github Copilot
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-13T18:38:57.370Z

Reserved: 2026-05-08T16:58:28.897Z

Link: CVE-2026-45033

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-13T16:17:00.313

Modified: 2026-05-13T19:17:29.767

Link: CVE-2026-45033

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-14T14:30:15Z

Weaknesses