Security researcher Ammar Askar disclosed a vulnerability in the GitHub.dev web editor that allowed an attacker to steal a GitHub OAuth token when a user followed a specially crafted link. According to the researcher, the stolen token granted read and write access to all of the victim’s repositories, including private ones. Microsoft confirmed the issue and reported that it was fixed on June 3, 2026. The vulnerability does not affect the desktop version of VS Code — only the browser-based GitHub.dev environment.
Attack mechanism: from click to full access
GitHub.dev is a lightweight web-based code editor that runs a VS Code environment directly in the browser. It lets users create commits and submit pull requests without installing local software. For authentication, github.com passes an OAuth token to github.dev via a POST request. As the researcher notes, this token is not limited to a specific repository and provides access to all repositories available to the user.
The attack chain described in the research exploits the postMessage communication mechanism between the main VS Code window and webview components, which are used to render Markdown previews and work with Jupyter notebooks. The attack proceeds in several stages:
- Malicious JavaScript inside an untrusted webview sends forged keydown events to the main editor window over postMessage, and the editor processes them as if the user had typed them.
- The simulated Ctrl+Shift+P key combination opens the VS Code Command Palette.
- Through the Command Palette, an attacker-controlled extension is installed.
- The extension intercepts the OAuth token passed to GitHub.dev and uses the GitHub API to enumerate all private repositories available to the victim.
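The weakness behind the first two stages is a host window that treats a keystroke relayed out of embedded content as a real key press. The following is an added illustration written for this article, not code from VS Code or from the researcher's proof of concept: a simplified keyboard relay in which the weak handler dispatches any message that calls itself a keydown, and the hardened handler pins the sender, validates the payload, and refuses to route relayed keystrokes to privileged commands. The keybinding table, the origin and frame names, and the message shape are all assumptions made for the example.

```javascript
"use strict";

// Hypothetical keybinding table (the real VS Code table is far larger).
const KEYBINDINGS = {
  "ctrl+shift+p": "workbench.action.showCommands", // Command Palette
  "ctrl+s": "workbench.action.files.save",
};

// Commands that must only run from a real keystroke in the host window,
// never from a keystroke relayed out of embedded content.
const PRIVILEGED_COMMANDS = new Set(["workbench.action.showCommands"]);

// Normalises a keydown-like object to a "ctrl+shift+p" style chord.
function chordOf(k) {
  const parts = [];
  if (k.ctrlKey) parts.push("ctrl");
  if (k.shiftKey) parts.push("shift");
  if (k.altKey) parts.push("alt");
  parts.push(String(k.key).toLowerCase());
  return parts.join("+");
}

// Weak relay: anything arriving via postMessage that claims to be a keydown
// is looked up in the keybinding table and dispatched, whoever sent it.
function weakKeyRelay(evt) {
  const msg = evt.data;
  if (!msg || msg.type !== "keydown") return { dispatched: null, reason: "ignored" };
  const cmd = KEYBINDINGS[chordOf(msg)] || null;
  return { dispatched: cmd, reason: cmd ? "ok" : "unbound" };
}

// Hardened relay: checks event.origin and event.source against the frame the
// host itself created, validates the payload, and drops privileged chords.
function makeHardenedKeyRelay(trustedOrigin, trustedFrame) {
  return function hardenedKeyRelay(evt) {
    if (evt.origin !== trustedOrigin) return { dispatched: null, reason: "bad-origin" };
    if (evt.source !== trustedFrame) return { dispatched: null, reason: "bad-source" };
    const msg = evt.data;
    if (!msg || msg.type !== "keydown" || typeof msg.key !== "string" || msg.key.length === 0) {
      return { dispatched: null, reason: "bad-shape" };
    }
    const cmd = KEYBINDINGS[chordOf(msg)] || null;
    if (!cmd) return { dispatched: null, reason: "unbound" };
    if (PRIVILEGED_COMMANDS.has(cmd)) return { dispatched: null, reason: "privileged" };
    return { dispatched: cmd, reason: "ok" };
  };
}

// Constructed messages. `webviewFrame` stands in for the contentWindow of the
// iframe the host created; `paletteChord` is the payload a hostile script would
// send with parent.postMessage(payload, "*") to mimic Ctrl+Shift+P.
const WEBVIEW_ORIGIN = "https://webview.example"; // placeholder origin
const webviewFrame = { name: "host-created-webview" };
const paletteChord = { type: "keydown", key: "P", ctrlKey: true, shiftKey: true };

const fromRogueFrame = { origin: "https://attacker.example", source: { name: "rogue" }, data: paletteChord };
const fromWebview = { origin: WEBVIEW_ORIGIN, source: webviewFrame, data: paletteChord };
const saveFromWebview = { origin: WEBVIEW_ORIGIN, source: webviewFrame, data: { type: "keydown", key: "s", ctrlKey: true } };

const hardened = makeHardenedKeyRelay(WEBVIEW_ORIGIN, webviewFrame);

function demo() {
  return {
    weakRogue: weakKeyRelay(fromRogueFrame),      // dispatches the Command Palette
    hardenedRogue: hardened(fromRogueFrame),      // rejected: bad-origin
    hardenedWebview: hardened(fromWebview),       // rejected: privileged
    hardenedSave: hardened(saveFromWebview),      // allowed: ordinary save
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The origin and source checks stop a stranger frame, but they do not stop the case the article describes: when attacker-controlled content is rendered inside a webview the host itself created (a Markdown preview, for instance), its script passes both checks. The control that actually matters is the last one, treating relayed keystrokes as untrusted input that is never allowed to open the Command Palette or drive extension installation.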
Bypassing publisher trust checks
A key element of the attack is the use of local workspace extensions. VS Code allows extensions to be installed directly from the .vscode/extensions folder inside a workspace without displaying an additional publisher trust confirmation dialog. According to the researcher, extensions can also register their own keyboard shortcuts via package.json, which makes it possible to invoke arbitrary VS Code commands, including extension installation, while bypassing the trusted publisher check.
Affected products and fix status
The vulnerability affects only GitHub.dev and the VS Code for the Web browser environment. As confirmed by Alexandru Dima, Partner Engineering Manager at Microsoft: “This issue does not impact VS Code Desktop.”
The timeline of events is noteworthy in its own right. The researcher notified GitHub about the vulnerability on June 2, 2026, and an hour later published the details publicly. Askar justified this decision by citing his previous experience dealing with Microsoft on similar issues in VS Code. Microsoft stated that the vulnerability was fixed on the service side on June 3, 2026, at 7:30 a.m. Pacific Time. According to the company, no action is required from users.
It is worth noting that no CVE identifier or CVSS score has been assigned to this vulnerability. A public PoC exploit is available on the researcher’s blog.
Impact assessment
The potential scale of the issue is determined by two factors. First, GitHub.dev is available to any GitHub user: pressing the “.” key while viewing any repository on github.com opens it. Second, according to the researcher, the OAuth token was not scoped to a specific repository, so a stolen token meant compromise of every repository the victim could access. For organizations that store proprietary code, infrastructure configurations, or secrets in private repositories, the impact could have been critical: from source code leaks to compromise of the software supply chain.
Recommendations
- Review token activity. Organizations that actively use GitHub.dev are advised to review GitHub audit logs for suspicious API operations before the fix time (June 3, 2026, 7:30 a.m. Pacific), in particular bulk requests for repository listings from a single user or token in a short period.
- Rotate tokens. If there is reason to believe that users may have followed suspicious links leading to GitHub.dev, revoke the affected users' existing OAuth authorizations in GitHub settings; a fresh token is issued the next time they sign in.
- Limit token scope. For mission-critical repositories, use fine-grained personal access tokens with the minimum required permissions for automation and integrations instead of broadly scoped tokens. Note that this does not change the token GitHub.dev itself receives; it limits what other integrations can reach if a token leaks.
- Control extensions. In corporate environments, restrict the list of allowed VS Code extensions using organization policies.
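The first recommendation above, reviewing audit logs for bulk repository listings before the fix time, is the kind of check that is easier to run as a script than by eye. The following is an added example written for this article, not a tool from GitHub or from the researcher: it reads a JSON-lines audit log export, keeps API requests to repository-listing routes made before the fix cutoff, and flags any actor/token pair that issued at least a threshold number of them inside a sliding time window. The field names (@timestamp, action, actor, hashed_token, route) and the route patterns are assumptions about the export format and should be checked against your own export; the log sample is constructed.

```javascript
"use strict";

// Fix time stated by Microsoft: June 3, 2026, 7:30 a.m. Pacific (PDT is UTC-7).
const FIX_CUTOFF_MS = Date.parse("2026-06-03T14:30:00Z");

// Routes that enumerate repositories. Assumption: the export records the request
// path in a field called "route" and API calls under action "api.request".
const REPO_LISTING = /^\/(user|users\/[^/]+|orgs\/[^/]+)\/repos(\?|$)/;

// Parses JSON-lines audit export into sorted events; skips blank or malformed lines.
function parseAuditExport(jsonl) {
  const events = [];
  for (const line of jsonl.split("\n")) {
    if (!line.trim()) continue;
    let e;
    try { e = JSON.parse(line); } catch (err) { continue; }
    const raw = e["@timestamp"];
    const ts = typeof raw === "number" ? raw : Date.parse(raw);
    if (Number.isNaN(ts)) continue;
    events.push({ ts, action: e.action, actor: e.actor || "?", token: e.hashed_token || "-", route: e.route || "" });
  }
  return events.sort((a, b) => a.ts - b.ts);
}

// Flags actor/token pairs with at least `threshold` repo-listing API requests
// inside any `windowMs` interval before `cutoffMs`. Returns one finding per pair.
function findBulkRepoListing(jsonl, { cutoffMs = FIX_CUTOFF_MS, windowMs = 60000, threshold = 5 } = {}) {
  const byKey = new Map();
  for (const e of parseAuditExport(jsonl)) {
    if (e.ts >= cutoffMs) continue;              // after the server-side fix
    if (e.action !== "api.request") continue;    // not an API call
    if (!REPO_LISTING.test(e.route)) continue;   // not a repository listing
    const key = e.actor + "\u0000" + e.token;
    let bucket = byKey.get(key);
    if (!bucket) { bucket = { actor: e.actor, token: e.token, times: [] }; byKey.set(key, bucket); }
    bucket.times.push(e.ts);                     // ascending, since events are sorted
  }
  const findings = [];
  for (const b of byKey.values()) {
    let lo = 0;
    for (let hi = 0; hi < b.times.length; hi++) {
      while (b.times[hi] - b.times[lo] > windowMs) lo++;   // slide window start forward
      if (hi - lo + 1 >= threshold) {
        findings.push({
          actor: b.actor, token: b.token, count: b.times.length,
          first: new Date(b.times[0]).toISOString(),
          last: new Date(b.times[b.times.length - 1]).toISOString(),
        });
        break;
      }
    }
  }
  return findings;
}

// Constructed sample export (not real audit data).
const SAMPLE_EXPORT = [
  // alice: six listing calls in 19 seconds the evening before the fix
  { "@timestamp": "2026-06-02T18:00:00Z", action: "api.request", actor: "alice", hashed_token: "sha256:a1", route: "/user/repos?per_page=100&page=1" },
  { "@timestamp": "2026-06-02T18:00:03Z", action: "api.request", actor: "alice", hashed_token: "sha256:a1", route: "/user/repos?per_page=100&page=2" },
  { "@timestamp": "2026-06-02T18:00:07Z", action: "api.request", actor: "alice", hashed_token: "sha256:a1", route: "/user/repos?per_page=100&page=3" },
  { "@timestamp": "2026-06-02T18:00:11Z", action: "api.request", actor: "alice", hashed_token: "sha256:a1", route: "/user/repos?per_page=100&page=4" },
  { "@timestamp": "2026-06-02T18:00:15Z", action: "api.request", actor: "alice", hashed_token: "sha256:a1", route: "/orgs/acme/repos" },
  { "@timestamp": "2026-06-02T18:00:19Z", action: "api.request", actor: "alice", hashed_token: "sha256:a1", route: "/users/alice/repos" },
  // alice: other activity that must not count
  { "@timestamp": "2026-06-02T18:00:25Z", action: "repo.download_zip", actor: "alice", hashed_token: "sha256:a1", route: "" },
  { "@timestamp": "2026-06-02T18:00:30Z", action: "api.request", actor: "alice", hashed_token: "sha256:a1", route: "/repos/acme/widget/contents/README.md" },
  // bob: two listing calls an hour apart, ordinary usage
  { "@timestamp": "2026-06-02T10:00:00Z", action: "api.request", actor: "bob", hashed_token: "sha256:b2", route: "/orgs/acme/repos" },
  { "@timestamp": "2026-06-02T11:00:00Z", action: "api.request", actor: "bob", hashed_token: "sha256:b2", route: "/orgs/acme/repos?page=2" },
  // carol: a burst after the fix cutoff, outside the review period
  { "@timestamp": "2026-06-03T15:00:00Z", action: "api.request", actor: "carol", hashed_token: "sha256:c3", route: "/user/repos" },
  { "@timestamp": "2026-06-03T15:00:01Z", action: "api.request", actor: "carol", hashed_token: "sha256:c3", route: "/user/repos?page=2" },
  { "@timestamp": "2026-06-03T15:00:02Z", action: "api.request", actor: "carol", hashed_token: "sha256:c3", route: "/user/repos?page=3" },
  { "@timestamp": "2026-06-03T15:00:03Z", action: "api.request", actor: "carol", hashed_token: "sha256:c3", route: "/user/repos?page=4" },
  { "@timestamp": "2026-06-03T15:00:04Z", action: "api.request", actor: "carol", hashed_token: "sha256:c3", route: "/user/repos?page=5" },
].map((o) => JSON.stringify(o)).join("\n") + "\nthis line is not json\n";

console.log(JSON.stringify(findBulkRepoListing(SAMPLE_EXPORT), null, 2));
```

With the defaults (five listing calls within one minute) only alice is reported; bob's two calls an hour apart and carol's post-fix burst are not. Tune the window and threshold to your own baseline, and treat a hit as a lead for token revocation and a closer look at that token's other activity rather than as proof of compromise.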
This incident highlights a systemic issue: web-based development environments inherit the browser’s security model while handling tokens with broad privileges. Despite Microsoft’s prompt remediation, organizations using GitHub.dev to work with private repositories should review GitHub logs for the period up to June 3 and ensure that the principle of least privilege is applied to access tokens.