{"id":1141,"date":"2026-06-03T13:56:50","date_gmt":"2026-06-03T13:56:50","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=1141"},"modified":"2026-06-03T13:56:50","modified_gmt":"2026-06-03T13:56:50","slug":"one-click-github-dev-attack-lets-attackers-steal-full-github-oauth-tokens","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=1141","title":{"rendered":"One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens"},"content":{"rendered":"
\n

\ue804<\/i>Ravie Lakshmanan<\/span>\ue802<\/i>Jun 03, 2026<\/span><\/span>Vulnerability \/ Software Development<\/span><\/p>\n<\/div>\n

\n
<\/a><\/div>\n

Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user’s GitHub token.<\/p>\n

\u00abJust by clicking a link, it’s possible for an attacker to steal a GitHub token that can read and write to your repos, including private ones,\u00bb security researcher Ammar Askar said<\/a>.<\/p>\n

GitHub supports a feature called GitHub.dev<\/a> that runs as a lightweight web-based source code editor<\/a> in the web browser’s sandbox by launching a VS Code environment. It allows users to send pull requests and make commits.<\/p>\n

\n
\"Cybersecurity\"<\/a><\/div>\n<\/div>\n

\u00abThis functionality is achieved by github.com POSTing over an OAuth token to github.dev that allows it to interact with GitHub on your behalf,\u00bb Askar said. \u00abThe token is not scoped to the particular repo you interacted with, meaning it has full access to every other repo that you have access to.\u00bb<\/p>\n

In a nutshell, the vulnerability allows attackers to install malicious VS Code extensions that steal GitHub OAuth tokens when they are passed to GitHub.dev by exploiting a message-passing mechanism<\/a> between the main VS Code window and webviews<\/a>. Webviews are used to render Markdown previews or edit Jupyter notebooks.<\/p>\n

\"\"<\/a><\/div>\n

Specifically, the exploit runs malicious JavaScript inside an untrusted webview to simulate keypresses (aka keydown events) in the main editor window, open the Command Palette by triggering \u00abCtrl+Shift+P,\u00bb and install an attacker-controlled extension that extracts the GitHub OAuth token sent to GitHub.dev and queries the GitHub API to enumerate all private repositories the victim can access.<\/p>\n

It’s worth noting the approach also leverages a VS Code feature called local workspace extensions<\/a> that allows an extension to be directly installed without presenting any additional trust dialog prompt<\/a> as long as it’s placed in the \u00ab.vscode\/extensions\u00bb folder within that workspace, effectively bypassing the publisher trust check.<\/p>\n

\n
\"Cybersecurity\"<\/a><\/div>\n<\/div>\n

\u00abThis is just a small hiccup though, one of the things that extensions can do as part of their package.json is to contribute extra keybindings to VS Code,\u00bb the researcher explained. \u00abSince we can reliably trigger keybindings, we can just add a keybind for whatever VS Code command we want, such as installing an extension while skipping the trusted publisher check.\u00bb<\/p>\n

The researcher also noted GitHub was notified<\/a> of the vulnerability on June 2, 2026, an hour after which details of the issue were made public knowledge, citing Microsoft’s handling<\/a> of VS Code-related bugs<\/a> in the past. As of writing, Microsoft has acknowledged the vulnerability and noted that it’s working on a fix.<\/p>\n

\u00abTo clarify, this issue does not affect VS Code Desktop,\u00bb Alexandru Dima, a partner software engineering manager at Microsoft, said.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

\ue804Ravie Lakshmanan\ue802Jun 03, 2026Vulnerability \/ Software Development Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user’s GitHub…<\/p>\n","protected":false},"author":1,"featured_media":1142,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[220,622,1886,753,71,332,381,1885,571,146],"class_list":["post-1141","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-attack","tag-attackers","tag-dev","tag-full","tag-github","tag-lets","tag-oauth","tag-oneclick","tag-steal","tag-tokens"],"_links":{"self":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/1141","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1141"}],"version-history":[{"count":0,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/1141\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/media\/1142"}],"wp:attachment":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1141"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1141"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1141"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}