REPRO-2026-00118 | Severity: MEDIUM | Status: Verified | CVE-2026-21518 | Feb 21, 2026
What's the vulnerability?
In VS Code and GitHub Copilot, MCP server definitions declared in workspace settings could be started before the workspace had been trusted, so a malicious .vscode/settings.json in an untrusted workspace could lead to command execution. The fix adds workspace trust checks and uses punycode encoding when normalizing domains.
Root Cause Analysis
One Command: Verify with pruva-verify
Run the Pruva CLI to automatically fetch and execute the reproduction script:
    pruva-verify REPRO-2026-00118
or
    pruva-verify CVE-2026-21518
Install the CLI with:
    curl -fsSL https://pruva.dev/install.sh | sh

Or Run Manually
1. Download the script:
    curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00118/artifacts/repro/reproduction_steps.sh
2. Make it executable:
    chmod +x reproduction_steps.sh
3. Run the script:
    ./reproduction_steps.sh
Run in a VM, container, or disposable environment. This exploits a real vulnerability.
How Pruva Reproduced This
Artifacts
repro/reproduction_steps.sh (3.5 KB)
repro/rca_report.md (2.8 KB)
bundle/source.json (0.8 KB)
bundle/ticket.json (4.0 KB)
bundle/ticket.md (4.2 KB)
repro/run_repro.mjs (0.8 KB)
repro/mcp_workspace_trust_repro.ts (10.1 KB)
logs/summary.log (0.0 KB)
logs/variant_patched.log (0.2 KB)
logs/variant_esbuild_vuln.log (0.0 KB)
logs/variant_worktree.log (0.1 KB)
logs/patched_run.log (0.1 KB)
logs/variant_npm_install.log (0.0 KB)
logs/vulnerable_run.log (0.1 KB)
logs/variant_summary.log (0.1 KB)
logs/variant_esbuild_fixed.log (0.0 KB)
logs/esbuild.log (0.0 KB)
logs/variant_vulnerable.log (0.2 KB)
logs/npm_install.log (0.0 KB)