CVE-2026-50510 is a GitHub Copilot remote code execution vulnerability caused by improper restriction of names for files and other resources. Microsoft rates it CVSS v3.1 7.8 (High) with a temporal score of 6.8; the vector is local access, low attack complexity, no privileges required, and user interaction required, with high confidentiality, integrity, and availability impact. Exploit status is not reported as public or active, and exploit code maturity is unproven. Because the attack vector is local and requires user interaction, enterprise risk is lower than for network-exploitable RCE, but it remains a high-severity issue for systems where users can be induced to open or process attacker-controlled content in a Copilot-enabled local context. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Not stated as "Exploitation More Likely"; vector context is LOCAL, LOW attack complexity, NO privileges required, and USER INTERACTION REQUIRED. - Severity for enterprise: High severity by CVSS, but real-world enterprise exposure is reduced by the local attack vector and required user interaction; it is not a network-exposed, no-interaction service issue. - Patch status: available; customer action required. Affected systems: - No products listed in the source data.