{"repro_id":"REPRO-2026-00118","version":6,"title":"cve-2026-21518","repro_type":"security","status":"published","severity":"medium","description":"VS Code/GitHub Copilot MCP server definitions in workspace settings could start without workspace trust, enabling command execution via malicious .vscode/settings.json; fixed by adding workspace trust checks and punycode encoding for domain normalization.","root_cause":"VS Code/GitHub Copilot MCP server definitions in workspace settings could start without workspace trust, enabling command execution via malicious .vscode/settings.json; fixed by adding workspace trust checks and punycode encoding for domain normalization.","cve_id":"CVE-2026-21518","source_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-21518","reproduced_at":"2026-02-21T08:54:51.241310+00:00","duration_secs":2434.392644405365,"tool_calls":276,"turns":1,"handoffs":2,"total_cost_usd":7.582306799999998,"agent_costs":{"repro":3.439076399999999,"support":0.045726,"vuln_variant":4.097504399999999},"cost_breakdown":{"repro":{"gpt-5.2-codex":3.439076399999999},"support":{"gpt-5.2-codex":0.045726},"vuln_variant":{"gpt-5.2-codex":4.097504399999999}},"quality":{"idempotent_verified":false,"community_verifications":0},"published_at":"2026-02-21T08:54:52.605997+00:00","retracted":false,"artifacts":[{"path":"repro/reproduction_steps.sh","filename":"reproduction_steps.sh","size":3570,"category":"reproduction_script"},{"path":"repro/rca_report.md","filename":"rca_report.md","size":2852,"category":"analysis"},{"path":"bundle/source.json","filename":"source.json","size":799,"category":"other"},{"path":"bundle/ticket.json","filename":"ticket.json","size":4049,"category":"other"},{"path":"bundle/ticket.md","filename":"ticket.md","size":4282,"category":"ticket"},{"path":"repro/run_repro.mjs","filename":"run_repro.mjs","size":861,"category":"other"},{"path":"repro/mcp_workspace_trust_repro.ts","filename":"mcp_workspace_trust_repro.ts","size":10368,"category":"other"},{"path":"logs/summary.log","filename":"summary.log","size":46,"category":"log"},{"path":"logs/variant_patched.log","filename":"variant_patched.log","size":161,"category":"log"},{"path":"logs/variant_esbuild_vuln.log","filename":"variant_esbuild_vuln.log","size":0,"category":"log"},{"path":"logs/variant_worktree.log","filename":"variant_worktree.log","size":106,"category":"log"},{"path":"logs/patched_run.log","filename":"patched_run.log","size":69,"category":"log"},{"path":"logs/variant_npm_install.log","filename":"variant_npm_install.log","size":0,"category":"log"},{"path":"logs/vulnerable_run.log","filename":"vulnerable_run.log","size":77,"category":"log"},{"path":"logs/variant_summary.log","filename":"variant_summary.log","size":66,"category":"log"},{"path":"logs/variant_esbuild_fixed.log","filename":"variant_esbuild_fixed.log","size":0,"category":"log"},{"path":"logs/esbuild.log","filename":"esbuild.log","size":0,"category":"log"},{"path":"logs/variant_vulnerable.log","filename":"variant_vulnerable.log","size":156,"category":"log"},{"path":"logs/npm_install.log","filename":"npm_install.log","size":0,"category":"log"}]}