Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN490
_____________________________________________________________________

DATE                : 13/05/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running @github/copilot (npm) versions
                                   prior to 1.0.43.

=====================================================================
https://github.com/github/copilot-cli/security/advisories/GHSA-9ccr-r5hg-74gf
_____________________________________________________________________


GitHub Copilot CLI: Nested Bare Repository Can Execute Arbitrary
Commands via core.fsmonitor

High severity GitHub Reviewed Published May 6, 2026 in github/copilot-cli

Vulnerability details

Package
@github/copilot (npm)

Affected versions
<= 1.0.42

Patched versions
1.0.43

Description

Summary

A security vulnerability has been identified in GitHub Copilot CLI
where a malicious bare git repository nested inside a project
directory can achieve arbitrary code execution when the agent
performs git operations. By exploiting git's automatic bare
repository discovery during directory traversal, an attacker can
set core.fsmonitor or other executable config keys to run arbitrary
commands without user awareness or approval.


Details

Git supports bare repositories — repositories without a working
tree — which can be discovered automatically when git traverses
the directory hierarchy looking for a .git directory. When git
discovers a bare repository, it reads and applies its configuration,
including keys that specify external commands to execute.

The vulnerability arises because git's core.fsmonitor config key
(and 15+ similar keys such as core.hookspath, diff.external,
merge.tool, etc.) can specify arbitrary shell commands that git
will execute as part of normal operations like status, diff,
or rev-parse.
Attack Scenario

An attacker can exploit this by:

    Creating a bare git repository nested inside a seemingly
normal project directory (e.g., vendor/malicious.git/ or a
deeply nested subdirectory)
    Configuring core.fsmonitor (or similar keys) in that bare
repository to execute a malicious command
    When GitHub Copilot CLI performs any git operation that
traverses into or through that directory, git auto-discovers
the bare repository, reads its config, and executes the
attacker's command

This can occur when:

    The agent navigates into a subdirectory containing the
buried bare repo
    The agent runs git status, git diff, or other routine git
commands
    The agent uses tools like grep or glob that may trigger
git operations in subdirectories

Prior to the fix, the CLI had no protection against git
auto-discovering bare repositories during directory
traversal.


Impact

An attacker who can place a malicious bare repository
inside a project — for example, through:

    A pull request adding a directory that contains a bare repository
    A compromised or malicious dependency that includes a bare repository
    A cloned repository that already contains nested bare repositories

— could achieve arbitrary code execution on the user's
workstation whenever GitHub Copilot CLI performs git
operations in or near the malicious directory.

Successful exploitation could lead to data exfiltration,
credential theft, file modification, or further system
compromise.


Affected Versions

    GitHub Copilot CLI versions prior to 1.0.42


Remediation and Mitigation

Fix

The fix sets safe.bareRepository=explicit via git's
GIT_CONFIG_COUNT / GIT_CONFIG_KEY_* / GIT_CONFIG_VALUE_* environment
variable mechanism, which has the highest precedence over all
config file sources. This prevents git from automatically
discovering and using bare repositories during directory
traversal — only explicitly allowlisted bare repositories
will be used.


User Actions

    Upgrade GitHub Copilot CLI to 1.0.43 or later.
    Exercise caution when working in repositories that contain
nested bare git repositories.
    Review project directories for unexpected bare repositories,
especially in vendor/, third_party/, or deeply nested
subdirectories.


References

    GHSA-9ccr-r5hg-74gf

Severity
High
8.5/ 10

CVSS v4 base metrics
Exploitability Metrics
Attack Vector Local
Attack Complexity Low
Attack Requirements None
Privileges Required Low
User interaction None
Vulnerable System Impact Metrics
Confidentiality High
Integrity High
Availability High
Subsequent System Impact Metrics
Confidentiality None
Integrity None
Availability None
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS score

Weaknesses
Weakness CWE-696

CVE ID
CVE-2026-45033

GHSA ID
GHSA-9ccr-r5hg-74gf

Source code
github/copilot-cli


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================