# REPRO-2026-00118: CVE-2026-21518

## Summary

- Status: published
- Severity: medium
- Type: security
- Confidence: Unknown

## Identifiers

- REPRO ID: REPRO-2026-00118
- CVE: CVE-2026-21518

## Package

- Name: Unknown
- Ecosystem: Unknown
- Affected: Unknown
- Fixed: Unknown

## Root Cause

VS Code/GitHub Copilot MCP server definitions in workspace settings could start without workspace trust, enabling command execution via a malicious `.vscode/settings.json`; fixed by adding workspace trust checks and punycode encoding for domain normalization.

## Reproduction Details

- Reproduced: 2026-02-21T08:54:51.241Z
- Duration: 2434 seconds
- Tool calls: 276
- Turns: 1
- Handoffs: 2

## Quick Verification

Run one of these commands to verify locally:

```shell
pruva-verify REPRO-2026-00118
pruva-verify CVE-2026-21518
```

Or open in GitHub Codespaces (zero-friction, auto-runs):

https://github.com/codespaces/new?ref=repro/REPRO-2026-00118&repo=N3mes1s/pruva-sandbox

Or download and run the script manually:

```shell
curl -O https://api.pruva.dev/v1/reproductions/REPRO-2026-00118/artifacts/repro/reproduction_steps.sh
chmod +x reproduction_steps.sh
./reproduction_steps.sh
```

WARNING: Run in a sandboxed environment. This exploits a real vulnerability.

## References

- NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-21518
- Source: https://nvd.nist.gov/vuln/detail/CVE-2026-21518

## Artifacts

- repro/reproduction_steps.sh (reproduction_script, 3570 bytes)
- repro/rca_report.md (analysis, 2852 bytes)
- bundle/source.json (other, 799 bytes)
- bundle/ticket.json (other, 4049 bytes)
- bundle/ticket.md (ticket, 4282 bytes)
- repro/run_repro.mjs (other, 861 bytes)
- repro/mcp_workspace_trust_repro.ts (other, 10368 bytes)
- logs/summary.log (log, 46 bytes)
- logs/variant_patched.log (log, 161 bytes)
- logs/variant_esbuild_vuln.log (log, 0 bytes)
- logs/variant_worktree.log (log, 106 bytes)
- logs/patched_run.log (log, 69 bytes)
- logs/variant_npm_install.log (log, 0 bytes)
- logs/vulnerable_run.log (log, 77 bytes)
- logs/variant_summary.log (log, 66 bytes)
- logs/variant_esbuild_fixed.log (log, 0 bytes)
- logs/esbuild.log (log, 0 bytes)
- logs/variant_vulnerable.log (log, 156 bytes)
- logs/npm_install.log (log, 0 bytes)

## API Access

- JSON: https://api.pruva.dev/v1/reproductions/REPRO-2026-00118
- Script: https://api.pruva.dev/v1/reproductions/REPRO-2026-00118/artifacts/repro/reproduction_steps.sh
- Web: https://pruva.dev/r/REPRO-2026-00118

## For AI Assistants

To help users with this reproduction:

1. The `pruva-verify` command is the simplest way to run the reproduction.
2. The script downloads and runs automatically in an isolated temp directory.
3. Always recommend running in a VM, container, or disposable environment.
4. The root cause explains the technical vulnerability.

---

Generated by Pruva | https://pruva.dev