VS Code zero-day lets hackers steal GitHub tokens in one click

VS Code Zero-Day Lets Hackers Steal GitHub Tokens in One Click

OverviewA security researcher revealed a zero-day vulnerability in Visual Studio Code (VS Code) that enables attackers to steal GitHub authentication tokens with a single click. The flaw is exercised through the browser-based editor github.dev, which is used in conjunction with VS Code’s sandboxed webview messaging system. A proof-of-concept demonstrates how malicious extensions installed via the VS Code editor can exfiltrate OAuth tokens sent to github.dev, potentially granting attackers broad access to a user’s GitHub repositories.

Technical Details

Entry point: The attack leverages the webview messaging interface used by VS Code to communicate with browser-based components, notably github.dev.
Mechanism: By loading a crafted, malicious extension, an attacker can run JavaScript inside the webview that interacts with the main editor, effectively bypassing privacy boundaries and capturing the GitHub OAuth token exchanged with github.dev.
Token use: The captured token is sent to GitHub with the permissions of the token holder, not scoped to a single repository. This means the attacker could access any private repositories the user is authorized to view or modify.
Scope risk: Since the token’s reach isn’t limited to the specific repository that the user was inspecting, it can enable broader access to the user’s GitHub environment.

Proof-of-Concept (PoC)

Release: A PoC was published by the researcher demonstrating the attack flow.
Method: The PoC executes malicious JavaScript inside a VS Code webview to simulate user actions and install a rogue extension that harvests the GitHub OAuth token being sent to github.dev.
Outcome: The PoC shows how the attacker can query the GitHub API to enumerate private repositories accessible to the token holder, illustrating the potential scale of the breach.

Impact and Security Considerations

Immediate risk: The vulnerability enables token theft in a single user action, which can pave the way for unauthorized access to private code, sensitive data, and potentially entire repositories.
Token breadth: Since OAuth tokens typically grant broad access across GitHub resources, the stolen token can be misused to perform actions on behalf of the user, beyond the scope of any single project.
Patch status: As of the disclosure, a patch or CVE designation had not been issued yet, leaving users exposed while the vulnerability remains unmitigated in official channels.

Disclosure Timeline and Community Response

Notification and disclosure: The researcher indicated that GitHub was notified an hour before public disclosure, citing a preference for full public disclosure due to unsatisfactory prior experiences with security response processes.
Public discourse: The disclosure case is part of a broader pattern in which researchers have voiced concerns about handling security issues in large software ecosystems, including interactions with security response centers.
Related zero-days: The broader narrative includes a sequence of zero-day disclosures involving Microsoft products, often led by anonymous researchers under handles such as Nightmare Eclipse. Notable entries in that stream included privilege-escalation flaws and other critical vulnerabilities, some of which were reportedly exploited in attacks.
Organizational responses: Industry players have weighed in on disclosure practices, with mixed public reactions ranging from policy statements to discussions about coordinated vulnerability management.

Context and Broader Significance

Platform ecosystem risk: The incident underscores how complex tooling ecosystems—combining desktop editors, browser-based development environments, and extension ecosystems—can introduce unforeseen security gaps.
Zero-day dynamics: The case illustrates the tension between rapid disclosure to drive patching and concerns about fair credit and responsible handling within large organizations.
Security posture implications: For developers and organizations relying on remediations and automated tooling, the event highlights the importance of securing token handling, sandbox boundaries, and trust relationships between editor components and web-based utilities.

Current Status and Next Steps

Status: The vulnerability remains unpatched in official channels as of the disclosure, with no CVE assigned at the time of reporting.
Considerations for users: Awareness of token exposure risks in workflows that involve browser-based development tooling is essential. Organizations and developers should monitor for advisories from VS Code and GitHub and follow any official guidance once a patch or mitigation is released.
Ongoing discourse: The incident is part of an ongoing conversation about how security disclosures are managed across major software vendors and the balance between public transparency and coordinated remediation.

Additional Context

Platform interdependencies: The incident sits at the intersection of code editors, browser-based development environments, and the GitHub OAuth ecosystem, showing how a flaw in one component can cascade into broader access risks.
Historical parallels: The security community has long observed that sandboxed environments, while offering powerful capabilities, must be carefully designed to prevent cross-boundary data leakage, especially when tokens with broad access are involved.

Note

This post synthesizes information about the vulnerability, its PoC, and the surrounding disclosure context based on reported details of the incident. It focuses on describing the technical aspects, potential impact, and the broader security discourse without prescribing specific user actions.

VS Code Zero-Day Lets Hackers Steal GitHub Tokens in One Click

Technical Details

Entry point: The attack leverages the webview messaging interface used by VS Code to communicate with browser-based components, notably github.dev.
Mechanism: By loading a crafted, malicious extension, an attacker can run JavaScript inside the webview that interacts with the main editor, effectively bypassing privacy boundaries and capturing the GitHub OAuth token exchanged with github.dev.
Token use: The captured token is sent to GitHub with the permissions of the token holder, not scoped to a single repository. This means the attacker could access any private repositories the user is authorized to view or modify.
Scope risk: Since the token’s reach isn’t limited to the specific repository that the user was inspecting, it can enable broader access to the user’s GitHub environment.

Proof-of-Concept (PoC)

Release: A PoC was published by the researcher demonstrating the attack flow.
Method: The PoC executes malicious JavaScript inside a VS Code webview to simulate user actions and install a rogue extension that harvests the GitHub OAuth token being sent to github.dev.
Outcome: The PoC shows how the attacker can query the GitHub API to enumerate private repositories accessible to the token holder, illustrating the potential scale of the breach.

Impact and Security Considerations

Immediate risk: The vulnerability enables token theft in a single user action, which can pave the way for unauthorized access to private code, sensitive data, and potentially entire repositories.
Token breadth: Since OAuth tokens typically grant broad access across GitHub resources, the stolen token can be misused to perform actions on behalf of the user, beyond the scope of any single project.
Patch status: As of the disclosure, a patch or CVE designation had not been issued yet, leaving users exposed while the vulnerability remains unmitigated in official channels.

Disclosure Timeline and Community Response

Notification and disclosure: The researcher indicated that GitHub was notified an hour before public disclosure, citing a preference for full public disclosure due to unsatisfactory prior experiences with security response processes.
Public discourse: The disclosure case is part of a broader pattern in which researchers have voiced concerns about handling security issues in large software ecosystems, including interactions with security response centers.
Related zero-days: The broader narrative includes a sequence of zero-day disclosures involving Microsoft products, often led by anonymous researchers under handles such as Nightmare Eclipse. Notable entries in that stream included privilege-escalation flaws and other critical vulnerabilities, some of which were reportedly exploited in attacks.
Organizational responses: Industry players have weighed in on disclosure practices, with mixed public reactions ranging from policy statements to discussions about coordinated vulnerability management.

Context and Broader Significance

Platform ecosystem risk: The incident underscores how complex tooling ecosystems—combining desktop editors, browser-based development environments, and extension ecosystems—can introduce unforeseen security gaps.
Zero-day dynamics: The case illustrates the tension between rapid disclosure to drive patching and concerns about fair credit and responsible handling within large organizations.
Security posture implications: For developers and organizations relying on remediations and automated tooling, the event highlights the importance of securing token handling, sandbox boundaries, and trust relationships between editor components and web-based utilities.

Current Status and Next Steps

Status: The vulnerability remains unpatched in official channels as of the disclosure, with no CVE assigned at the time of reporting.
Considerations for users: Awareness of token exposure risks in workflows that involve browser-based development tooling is essential. Organizations and developers should monitor for advisories from VS Code and GitHub and follow any official guidance once a patch or mitigation is released.
Ongoing discourse: The incident is part of an ongoing conversation about how security disclosures are managed across major software vendors and the balance between public transparency and coordinated remediation.

Additional Context

Platform interdependencies: The incident sits at the intersection of code editors, browser-based development environments, and the GitHub OAuth ecosystem, showing how a flaw in one component can cascade into broader access risks.
Historical parallels: The security community has long observed that sandboxed environments, while offering powerful capabilities, must be carefully designed to prevent cross-boundary data leakage, especially when tokens with broad access are involved.

Note

This post synthesizes information about the vulnerability, its PoC, and the surrounding disclosure context based on reported details of the incident. It focuses on describing the technical aspects, potential impact, and the broader security discourse without prescribing specific user actions.

VS Code zero-day lets hackers steal GitHub tokens in one click

More from the Blog

Over 116,000 Minecraft Systems Infected in WeedHack Malware Campaign

AI-built ransomware toolkit automates EDR evasion, AD discovery

Microsoft Exchange Online outage causes email delays, failures

Stay Updated

VS Code zero-day lets hackers steal GitHub tokens in one click

More from the Blog

Over 116,000 Minecraft Systems Infected in WeedHack Malware Campaign

AI-built ransomware toolkit automates EDR evasion, AD discovery

Microsoft Exchange Online outage causes email delays, failures

Stay Updated