Back to news
security Priority 4/5 7/11/2026, 11:05:15 AM

CodeQL 2.26.0 Introduces Kotlin 2.4.0 Support and AI Prompt Injection Detection for JS and TS

CodeQL 2.26.0 Introduces Kotlin 2.4.0 Support and AI Prompt Injection Detection for JS and TS

GitHub has rolled out CodeQL version 2.26.0, updating its static analysis engine to support contemporary language specifications and AI security models. This release introduces support for Kotlin 2.4.0, allowing teams working on the latest Kotlin versions to run deep security scans. Furthermore, CodeQL addresses emerging security risks in generative AI applications by adding dedicated queries designed to flag prompt injection vulnerabilities within JavaScript and TypeScript codebases.

Related tools

Recommended tools for this topic

These picks prioritize high-intent tools relevant to this topic. Some links may include partner or affiliate tracking.

#github#codeql#security#kotlin#llm

Action Checklist

  1. Update GitHub Actions workflows or local CLI configurations to use CodeQL 2.26.0 Ensure your action runners pulling CodeQL are synchronized with the latest release.
  2. Verify Kotlin projects compile properly on Kotlin 2.4.0 before initiating the updated static analysis CodeQL relies on successful compilation for detailed semantic analysis.
  3. Audit JavaScript and TypeScript codebases utilizing OpenAI, Anthropic, or Google GenAI SDKs The new rules specifically target API session instructions, legacy completion endpoints, and cached content.
  4. Review C# Razor Page configurations and Go log/slog implementations for newly flagged remote flow sources and log injections Enhanced sink definitions might surface new alerts that were previously skipped.

Source: GitHub Changelog

This page summarizes the original source. Check the source for full details.

Related