DispatchCVE-2026-29783 GitHub Copilot CLI Shell Expansion RCEPromptArmor·high signalCopilot CLI arbitrary code execution via bash parameter expansion. Safety check classifies as read-only but shell expansion executes hidden commands including reverse shells. CVSS High. Patched in 0.0.423.SourceSource pagePromptArmor↳ Follow the threadStack layer / Threat patternArmadin details full sandbox escape in Anthropic's Claude Cowork; Anthropic disputes, silently patchesSiliconANGLEStack layer / Threat patternNSA issues official MCP hardening guidance after Amazon Q auto-execution CVEs (CVSS 8.5) enable AWS credential theftWizStack layer / ContrastVisual Studio Reworks How It Tracks GitHub Copilot UsageInfoWorldStack layer / Update threadClaude Code v2.1.203 and v2.1.204 Add Login-Expiry Warnings and Fix Headless Hook StreamingClaude Code DocsStack layer / Threat patternClaude Cowork Sandbox-Escape Chain Reportedly Escalates Local Code Execution to RootCyberdessertsStack layer / Threat pattern'GitLost' Prompt Injection Tricks GitHub's Agentic Workflows Into Leaking Private ReposNoma SecurityStack layer / Update threadBrowser Tools for GitHub Copilot in VS Code Reach General AvailabilityGitHub ChangelogPolicy dependency / Stack layerAnthropic opens Claude for Government betaAnthropic