One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens
The Hacker NewsArchived Jun 03, 2026✓ Full text saved
Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user's GitHub token. "Just by clicking a link, it's possible for an attacker to steal a GitHub token that can read and write to your repos, including private ones," security researcher Ammar Askar said. GitHub supports a feature called GitHub.dev that runs as
Full text archived locally
✦ AI Summary· Claude Sonnet
One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens
Ravie LakshmananJun 03, 2026Vulnerability / Software Development
Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user's GitHub token.
"Just by clicking a link, it's possible for an attacker to steal a GitHub token that can read and write to your repos, including private ones," security researcher Ammar Askar said.
GitHub supports a feature called GitHub.dev that runs as a lightweight web-based source code editor in the web browser's sandbox by launching a VS Code environment. It allows users to send pull requests and make commits.
"This functionality is achieved by github.com POSTing over an OAuth token to github.dev that allows it to interact with GitHub on your behalf," Askar said. "The token is not scoped to the particular repo you interacted with, meaning it has full access to every other repo that you have access to."
In a nutshell, the vulnerability allows attackers to install malicious VS Code extensions that steal GitHub OAuth tokens when they are passed to GitHub.dev by exploiting a message-passing mechanism between the main VS Code window and webviews. Webviews are used to render Markdown previews or edit Jupyter notebooks.
Specifically, the exploit runs malicious JavaScript inside an untrusted webview to simulate keypresses (aka keydown events) in the main editor window, open the Command Palette by triggering "Ctrl+Shift+P," and install an attacker-controlled extension that extracts the GitHub OAuth token sent to GitHub.dev and queries the GitHub API to enumerate all private repositories the victim can access.
It's worth noting the approach also leverages a VS Code feature called local workspace extensions that allows an extension to be directly installed without presenting any additional trust dialog prompt as long as it's placed in the ".vscode/extensions" folder within that workspace, effectively bypassing the publisher trust check.
"This is just a small hiccup though, one of the things that extensions can do as part of their package.json is to contribute extra keybindings to VS Code," the researcher explained. "Since we can reliably trigger keybindings, we can just add a keybind for whatever VS Code command we want, such as installing an extension while skipping the trusted publisher check."
The researcher also noted GitHub was notified of the vulnerability on June 2, 2026, an hour after which details of the issue were made public knowledge, citing Microsoft's handling of VS Code-related bugs in the past. As of writing, Microsoft has acknowledged the vulnerability and noted that it's working on a fix.
"To clarify, this issue does not affect VS Code Desktop," Alexandru Dima, a partner software engineering manager at Microsoft, said.
Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.
SHARE
Tweet
Share
Share
SHARE
browser security, cybersecurity, Extension Security, GitHub, Microsoft, OAuth, Software Development, Visual Studio Code, Vulnerability
⚡ Top Stories This Week
Malicious npm Package Stole Files From Claude AI User Directory via GitHub
Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More
AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites
ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface
⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm
GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation
Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited
PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack
Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded
Load More ▼
⭐ Featured Resources
Learn How to Stop Attacks Before They Reach Your EDR – With PHASR
Your Employees Are Using AI in Ways You Can’t See – 2026 State of AI Report
[Guide] The Real Security Risks of Shadow AI (And Where You’re Exposed)
Watch AI Turn Vulnerabilities Into Working Exploits in Minutes (See the Demo)