Threat Feed
high advisory

GitHub Copilot CLI: Nested Bare Repository RCE via Git Configuration

GitHub Copilot CLI versions prior to 1.0.43 are vulnerable to arbitrary code execution via a malicious bare git repository nested within a project directory, exploiting git's automatic bare repository discovery and the `core.fsmonitor` configuration setting.

A security vulnerability exists in GitHub Copilot CLI versions prior to 1.0.43 that allows arbitrary code execution. The vulnerability stems from how Git handles bare repositories nested within a project directory. An attacker can create a malicious bare Git repository with a specially crafted configuration. When GitHub Copilot CLI performs Git operations, Git's repository discovery may find and read the configuration of that bare repository, executing arbitrary commands defined in settings such as core.fsmonitor. This poses a significant risk, as the execution occurs without user consent or awareness. The vulnerability was addressed in version 1.0.43 by setting safe.bareRepository=explicit through environment variables, which makes Git ignore bare repositories found by directory discovery unless one is named explicitly (via --git-dir or GIT_DIR).

Attack Chain

  1. An attacker crafts a malicious bare Git repository.
  2. The attacker nests the malicious repository within a project directory (e.g., vendor/malicious.git/).
  3. The attacker configures the core.fsmonitor setting within the malicious bare repository to execute arbitrary commands. Other settings like core.hookspath, diff.external, and merge.tool could also be targeted.
  4. A user clones or otherwise acquires the project containing the malicious repository. This could occur through a pull request, dependency, or other means.
  5. GitHub Copilot CLI performs a Git operation (e.g., git status, git diff, git rev-parse) that traverses into or through the directory containing the malicious bare repository.
  6. Git automatically discovers the bare repository during directory traversal.
  7. Git reads the configuration of the discovered bare repository, including the attacker-controlled core.fsmonitor setting.
  8. The attacker’s arbitrary command is executed on the user’s system, leading to potential data exfiltration, credential theft, file modification, or further system compromise.
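The chain above turns on a git directory being present where a project would not normally have one, with config keys that git treats as commands. The following audit script, added here as an example and not the advisory's or GitHub's code, walks a checkout, reports every nested git directory (bare or not) below the project's own top-level .git, and lists any of the four keys the attack chain names that its config sets. The tiny config parser, the discovery heuristic (HEAD plus objects/ and refs/) and the sample tree it builds are all constructed assumptions; the placeholder fsmonitor value is never executed.

```python
"""Audit a checked-out project for nested git directories (bare repositories
included) whose config sets keys that git will turn into command execution.
Added example, not the advisory's or GitHub's code; the key list is the one
the attack chain names and the sample tree below is constructed."""
import os
import tempfile

# Config keys the advisory names as execution vectors.
DANGEROUS_KEYS = {"core.fsmonitor", "core.hookspath", "diff.external", "merge.tool"}


def parse_git_config(text):
    """Minimal parser for git's INI-style config: returns {'section[.sub].key': value}.
    Covers [section], [section "sub"], comments and key = value lines; include
    directives and value escapes are not handled (assumption: enough for auditing)."""
    settings = {}
    prefix = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            name, _, sub = line[1:-1].strip().partition(" ")
            prefix = name.lower()
            sub = sub.strip().strip('"')
            if sub:
                prefix += "." + sub
            continue
        if prefix is None:
            continue  # key before any section header: git rejects this too
        key, _, value = line.partition("=")
        settings[prefix + "." + key.strip().lower()] = value.strip()
    return settings


def looks_like_git_dir(path):
    """Approximates git's discovery test: HEAD file plus objects/ and refs/ dirs.
    A bare repo passes this directly; a normal checkout passes via its .git/."""
    return (os.path.isfile(os.path.join(path, "HEAD"))
            and os.path.isdir(os.path.join(path, "objects"))
            and os.path.isdir(os.path.join(path, "refs")))


def scan_project(root):
    """Return [(relative path, {dangerous key: value})] for every git directory
    below root other than the project's own top-level .git."""
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        for name in list(dirnames):
            candidate = os.path.join(dirpath, name)
            if dirpath == root and name == ".git":
                dirnames.remove(name)  # the project's legitimate repository
                continue
            if looks_like_git_dir(candidate):
                cfg = os.path.join(candidate, "config")
                hits = {}
                if os.path.isfile(cfg):
                    with open(cfg, encoding="utf-8", errors="replace") as fh:
                        settings = parse_git_config(fh.read())
                    hits = {k: v for k, v in settings.items() if k in DANGEROUS_KEYS}
                rel = os.path.relpath(candidate, root).replace(os.sep, "/")
                findings.append((rel, hits))
                dirnames.remove(name)  # no need to descend into the repo itself
    return findings


def build_sample_project():
    """Construct a throwaway tree: a clean top-level .git plus a nested bare
    repository under vendor/ whose config sets core.fsmonitor (placeholder value)."""
    root = tempfile.mkdtemp(prefix="bare-repo-audit-")

    def make_git_dir(path, config_text):
        os.makedirs(os.path.join(path, "objects"))
        os.makedirs(os.path.join(path, "refs"))
        with open(os.path.join(path, "HEAD"), "w") as fh:
            fh.write("ref: refs/heads/main\n")
        with open(os.path.join(path, "config"), "w") as fh:
            fh.write(config_text)

    make_git_dir(os.path.join(root, ".git"),
                 "[core]\n\trepositoryformatversion = 0\n\tbare = false\n")
    make_git_dir(os.path.join(root, "vendor", "malicious.git"),
                 "[core]\n\tbare = true\n"
                 "\t# constructed placeholder; the scanner never runs it\n"
                 "\tfsmonitor = /path/to/untrusted-helper\n")
    return root


if __name__ == "__main__":
    for path, hits in scan_project(build_sample_project()):
        print(f"{path}: {hits or 'no dangerous keys'}")
```

Run it against a real checkout by calling scan_project with the project root; any finding with a non-empty key set deserves a look before any tool (Copilot CLI or plain git) is run inside that tree. A nested git directory with an empty key set is not necessarily malicious (submodules and vendored repos produce them), which is why the script reports both.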

Impact

Successful exploitation of this vulnerability allows an attacker to achieve arbitrary code execution on a user’s workstation whenever GitHub Copilot CLI performs Git operations near the malicious directory. This could lead to data exfiltration, credential theft, file modification, or further system compromise. The vulnerable versions of GitHub Copilot CLI are those prior to 1.0.43. The vulnerability highlights the danger of trusting Git repositories that are discovered implicitly within a project directory.

Recommendation

  • Upgrade GitHub Copilot CLI to version 1.0.43 or later to incorporate the fix for CVE-2026-45033.
  • Deploy the Sigma rule “Detect Suspicious Git Configuration Modification” to monitor for unauthorized changes to Git configuration settings.
  • Enable process creation logging so that the rule “Detect Git Command Execution from Unusual Locations” can flag git commands executed from unusual locations.
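For anyone wrapping git in their own tooling, the same mitigation the fix applies can be reproduced without touching the user's global config: git reads GIT_CONFIG_COUNT together with numbered GIT_CONFIG_KEY_n / GIT_CONFIG_VALUE_n pairs as extra configuration. The wrapper below is an added example, not the Copilot CLI's code; it assumes a git new enough to honour both mechanisms (GIT_CONFIG_COUNT arrived in git 2.31, safe.bareRepository in 2.38) and appends to any pairs a caller has already injected rather than overwriting them.

```python
"""Launch git with safe.bareRepository=explicit injected through the GIT_CONFIG_*
environment variables, the mechanism the advisory says the 1.0.43 fix uses.
Added example, not the Copilot CLI's own code; assumes git 2.31+ for
GIT_CONFIG_COUNT and git 2.38+ for the safe.bareRepository setting."""
import os
import subprocess


def hardened_git_env(base_env):
    """Return a copy of base_env with safe.bareRepository=explicit appended.

    git reads GIT_CONFIG_COUNT and the numbered GIT_CONFIG_KEY_<n> /
    GIT_CONFIG_VALUE_<n> pairs as if they were command-line -c options. If the
    caller already injects config this way, the new pair goes after the existing
    ones so nothing is clobbered; an unparsable count raises rather than being
    guessed around, because git would refuse it too."""
    env = dict(base_env)
    count = int(env.get("GIT_CONFIG_COUNT", "0"))
    env[f"GIT_CONFIG_KEY_{count}"] = "safe.bareRepository"
    env[f"GIT_CONFIG_VALUE_{count}"] = "explicit"
    env["GIT_CONFIG_COUNT"] = str(count + 1)
    return env


def injected_config(env):
    """Read back the key/value pairs an environment injects (handy for auditing a wrapper)."""
    count = int(env.get("GIT_CONFIG_COUNT", "0"))
    return [(env[f"GIT_CONFIG_KEY_{i}"], env[f"GIT_CONFIG_VALUE_{i}"]) for i in range(count)]


def run_git(args, cwd=None):
    """Invoke git with the hardened environment. In explicit mode a bare
    repository reached by directory discovery is ignored while searching for
    the repository; one named via --git-dir or GIT_DIR is still honoured."""
    return subprocess.run(["git", *args], cwd=cwd, env=hardened_git_env(os.environ),
                          capture_output=True, text=True, check=False)


if __name__ == "__main__":
    result = run_git(["status", "--short"])
    print(result.stdout or result.stderr)
```

The environment route is preferable to writing the setting into ~/.gitconfig from a tool, because it only affects the processes the wrapper spawns and cannot be undone by a repository-level config (repository config cannot override safe.* keys read from the environment for the discovery decision itself, which is exactly the ordering problem this class of bug exploits).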

Detection coverage (2 rules)

Detect Suspicious Git Configuration Modification

medium

Detects modification of git configuration to set suspicious commands, which could indicate an attempt to exploit CVE-2026-45033.

Sigma | tactics: execution | techniques: T1059.004 | sources: file_event, windows

Detect Git Command Execution from Unusual Locations

medium

Detects execution of git commands from locations other than the standard git install directory. This might indicate exploitation of CVE-2026-45033 via core.fsmonitor.

Sigma | tactics: execution | techniques: T1059.004 | sources: process_creation, windows
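The two rules are only described on this page, not reproduced, so the matcher below is an added example that approximates each one-line description against constructed Windows Sysmon-style events; it is not the platform's Sigma logic. The standard install directory is an assumption for a stock Git for Windows, and the sample events are made up.

```python
"""Toy event matcher for the two detections above, run over constructed
Windows Sysmon-style events. Added example: the platform's Sigma rules are not
on this page, so each function approximates the rule's one-line description;
the install-directory list is an assumption for a stock Git for Windows."""
import ntpath

# Assumption: where git.exe legitimately lives on the fleet (lower-case, prefix match).
STANDARD_GIT_DIRS = ("c:\\program files\\git\\",)

# Constructed sample events: (event kind, fields).
SAMPLE_EVENTS = [
    ("file_event", {"Image": r"C:\Program Files\Git\cmd\git.exe",
                    "TargetFilename": r"C:\src\app\.git\config"}),
    ("file_event", {"Image": r"C:\Windows\System32\cmd.exe",
                    "TargetFilename": r"C:\src\app\vendor\malicious.git\config"}),
    ("file_event", {"Image": r"C:\Windows\System32\notepad.exe",
                    "TargetFilename": r"C:\src\app\README.md"}),
    ("process_creation", {"Image": r"C:\Program Files\Git\cmd\git.exe",
                          "CommandLine": "git status"}),
    ("process_creation", {"Image": r"C:\Users\dev\AppData\Local\Temp\git.exe",
                          "CommandLine": "git.exe rev-parse"}),
]


def is_git_config_write(fields):
    """Rule 1 approximation: a file event on <repo>\\.git\\config or <bare>.git\\config
    by something other than git itself (git normally edits its own config)."""
    target = fields.get("TargetFilename", "").lower()
    parent, name = ntpath.split(target)
    if name != "config":
        return False
    parent_name = ntpath.basename(parent)
    if parent_name != ".git" and not parent_name.endswith(".git"):
        return False
    return ntpath.basename(fields.get("Image", "").lower()) != "git.exe"


def is_git_from_unusual_location(fields):
    """Rule 2 approximation: git.exe launched from outside the install directory."""
    image = fields.get("Image", "").lower()
    if ntpath.basename(image) != "git.exe":
        return False
    return not image.startswith(STANDARD_GIT_DIRS)


def evaluate(events):
    """Return [(rule name, event index)] for every event a rule matches."""
    alerts = []
    for i, (kind, fields) in enumerate(events):
        if kind == "file_event" and is_git_config_write(fields):
            alerts.append(("Detect Suspicious Git Configuration Modification", i))
        if kind == "process_creation" and is_git_from_unusual_location(fields):
            alerts.append(("Detect Git Command Execution from Unusual Locations", i))
    return alerts


if __name__ == "__main__":
    for rule, index in evaluate(SAMPLE_EVENTS):
        print(f"{rule}: event {index} {SAMPLE_EVENTS[index][1]}")
```

Both checks are deliberately narrow: a file event cannot see which key was written, so the first rule keys on the config path and the writing process, and the second only catches a git binary dropped outside its install path. Tune the exclusions (developer tooling that legitimately rewrites .git/config, portable git installs) before deploying anything like this fleet-wide.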
