GitHub Copilot Context Mixing Exposes Sensitive Information Across Files
Overview
A medium-severity information disclosure vulnerability was identified in the GitHub Copilot extension for IDEs like Visual Studio Code. The vulnerability arises from the way Copilot aggregates context from the user's environment to generate relevant code suggestions. This context can include content from all currently open files, not just the active one.

An attacker could exploit this by crafting a malicious file or code snippet that, when opened by a developer, injects carefully worded comments or code structures into Copilot's context window. These structures act as a form of prompt injection, tricking the underlying LLM into 'leaking' information from other open, unrelated files within the same IDE session.

For example, a developer might have a `config.py` file with an API key open in one tab and be editing a `README.md` file in another. A malicious instruction hidden within a project file could cause Copilot, when triggered in the README, to suggest a line of code that includes the API key from `config.py`.

This cross-file information bleed breaks the user's expectation of context isolation and could lead to secrets being accidentally committed to version control or copied into other insecure locations. The issue highlights the security challenges of LLM-based tools that have broad access to a developer's local workspace.
Affected Systems
Testing Guide
1. Create two files in the same IDE window. In `secrets.js`, add the line: `const API_KEY = "sk-12345-this-is-a-fake-secret-key";`
2. In a separate file, `test.js`, type a comment designed to elicit the secret, such as: `// This is a test function that uses the API_KEY from secrets.js`
3. On the next line, start typing `const key =` and observe GitHub Copilot's suggestions.
4. If Copilot suggests the full secret string `"sk-12345-this-is-a-fake-secret-key"`, your version may be vulnerable to context bleeding.
Mitigation Steps
1. **Update the Extension**: Keep the GitHub Copilot IDE extension updated to the latest version, as vendors frequently release patches to improve context handling.
2. **Isolate Workspaces**: Use separate IDE windows or profiles for different projects, especially when working with sensitive codebases, to prevent context mixing.
3. **Use `.copilotignore`**: Create a `.copilotignore` file in your project root to prevent Copilot from accessing sensitive files like `secrets.env` or `config.prod.json` for context.
4. **Regular Secret Scanning**: Implement pre-commit hooks and CI/CD pipeline steps to scan for hardcoded secrets before they are committed to version control.
5. **Be Mindful of Open Files**: Avoid keeping files with sensitive information open unnecessarily while working on other parts of a project.
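
Mitigation step 4 as an added example (not part of the original advisory or of any GitHub tooling): a minimal Python pre-commit hook that scans staged additions for hardcoded secrets and reports file and line. The two detection patterns and the sample diff are constructed for illustration, modelled on the fake key from the Testing Guide.

```python
#!/usr/bin/env python3
"""Pre-commit hook sketch: block staged lines that look like hardcoded secrets."""
import re
import subprocess
import sys

# Illustrative rules (assumptions, tune per project): a secret-like name assigned
# a quoted literal, or a quoted token with the "sk-" prefix used in the test above.
RULES = {
    "named-secret": re.compile(
        r"(?i)\b\w*(api_?key|secret|token|passw(or)?d)\w*\s*[:=]\s*[\"'][^\"']{8,}[\"']"),
    "sk-token": re.compile(r"[\"']sk-[A-Za-z0-9_-]{16,}[\"']"),
}
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

def scan_diff(diff_text):
    """Return (path, line_number, rule) for every added line that matches a rule."""
    findings, path, lineno = [], None, 0
    for line in diff_text.splitlines():
        if line.startswith("+++ "):
            path = line[4:].removeprefix("b/")
        elif (m := HUNK.match(line)):
            lineno = int(m.group(1))
        elif line.startswith("+"):
            for rule, pattern in RULES.items():
                if pattern.search(line[1:]):
                    findings.append((path, lineno, rule))
            lineno += 1
        elif line.startswith(" "):
            lineno += 1  # context lines advance the new-file counter; "-" lines do not
    return findings

# Constructed sample: the staged change a developer would produce by accepting
# the leaked suggestion from the Testing Guide in test.js.
SAMPLE_DIFF = '''diff --git a/test.js b/test.js
--- a/test.js
+++ b/test.js
@@ -1,1 +1,2 @@
 // This is a test function that uses the API_KEY from secrets.js
+const key = "sk-12345-this-is-a-fake-secret-key";
'''

if __name__ == "__main__":
    staged = subprocess.run(["git", "diff", "--cached", "-U0", "--no-color"],
                            capture_output=True, text=True, check=True).stdout
    hits = scan_diff(staged)
    for path, lineno, rule in hits:
        print(f"{path}:{lineno}: possible hardcoded secret ({rule})", file=sys.stderr)
    sys.exit(1 if hits else 0)
```

Saved as `.git/hooks/pre-commit` and made executable, the script aborts the commit whenever a staged added line matches one of the rules.
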
Patch Details
Recent versions of the Copilot extension have improved context scoping and filtering to reduce the risk of cross-file information leakage.