Skip to content
Verified reproduction

CVE-2026-21518: cve-2026-21518

CVE-2026-21518 is verified against the affected target This medium reproduction includes runnable sandbox proof, artifacts, and a plain-text agent view under REPRO-2026-00118.

REPRO-2026-00118 Feb 21, 2026 CVE entry .txt
Severity MEDIUM
Confidence HIGH
Reproduced in 40m 34s
Tool calls 276
Spend $7.58
$ pruva-verify REPRO-2026-00118
or curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00118/artifacts/reproduction_steps.sh && chmod +x reproduction_steps.sh && ./reproduction_steps.sh
Run in a VM or disposable container. This exploits a real vulnerability.
02 · The vulnerability

VS Code/GitHub Copilot MCP server definitions in workspace settings could start without workspace trust, enabling command execution via malicious .vscode/settings.json; fixed by adding workspace trust checks and punycode encoding for domain normalization.

03 · Root cause
VS Code/GitHub Copilot MCP server definitions in workspace settings could start without workspace trust, enabling command execution via malicious .vscode/settings.json; fixed by adding workspace trust checks and punycode encoding for domain normalization.
04 · Reproduction transcript

The agent's step-by-step process — every tool call, every handoff, the moment the exploit fired. Phases: support triages the advisory · repro reproduces it · vuln_variant confirms the fix blocks it · judge verifies.

Loading session...

05 · Artifacts

Scripts, logs, diffs, and output captured during the reproduction.

No artifacts available