Bottom line: GitHub handed an unscoped OAuth token to the browser-based VSCode instance behind github.dev, so a manipulated Jupyter Notebook extension could use it to reach every private repository a developer could access.
A vulnerability in GitHub’s browser-based editor github.dev let attackers steal OAuth tokens that carried access to all of a developer’s repositories. Microsoft has since closed the flaw, but it exposes fundamental problems in DevOps security.
The vulnerability, identified by security researcher Ammar Askar, affected github.dev, the browser-based edition of VSCode that is reached simply by changing the domain of a repository URL from github.com to github.dev. The tool lets developers browse repositories, create pull requests, and commit changes without cloning the codebase locally, which makes it a frequently used shortcut for quick code reviews and documentation changes.
The core security problem: GitHub POSTed an unscoped OAuth token to github.dev, one not restricted to the repository being edited. The token granted full access to every repository the user could reach. Because github.dev also runs the large and complex VSCode codebase (nearly one million lines of TypeScript), any exploitable VSCode bug became a route to that token, an attractive target for attackers.
Askar demonstrated a practical exploit with a manipulated Jupyter Notebook extension placed in a repository, which bypassed publisher verification. Once executed, the extension extracted the GitHub API token, queried all private repositories the token could reach, and output the token together with the results. An attacker who lured a victim to a crafted github.dev URL, or talked them into opening one, could thus have made arbitrary changes to critical projects. The vulnerability also existed in the desktop version of VSCode, but there it required the victim to clone the malicious repository.
For CTOs, this represents a paradigm shift: developer endpoints and cloud environments require strict Zero-Trust handling and cannot rely on vendor security alone. The uncritical transfer of unscoped tokens into browser sandboxes, especially in applications with a large attack surface, must be replaced by scope limitation, multi-layered token management, and strict validation of editor extensions.
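The scope limitation recommended above is checkable: GitHub reports the scopes a classic OAuth token or PAT carries in the X-OAuth-Scopes header of every authenticated API response, and the scopes the endpoint would have accepted in X-Accepted-OAuth-Scopes. The audit below is an added example, not code from the article or from Askar’s research; the sample headers are constructed, the implication table covers only the documented scope branches it uses, and the "required" scope set for an editor session is this example’s own assumption. It flags a token like the one github.dev received (full `repo` access) when the session only needed to edit one public repository and read the user profile.

```python
"""Audit the scopes a GitHub token actually carries against what a tool needs.

Added example (not from the article or the research it summarizes). Uses the
real GitHub response headers X-OAuth-Scopes and X-Accepted-OAuth-Scopes; the
sample headers and the "required" policy below are constructed for illustration.
"""
from __future__ import annotations

# Broad classic scopes imply narrower ones (GitHub's documented scope
# hierarchy; only the branches exercised here are listed).
IMPLIED_SCOPES: dict[str, set[str]] = {
    "repo": {"repo:status", "repo_deployment", "public_repo",
             "repo:invite", "security_events"},
    "user": {"read:user", "user:email", "user:follow"},
    "admin:org": {"write:org", "read:org"},
    "write:org": {"read:org"},
    "admin:repo_hook": {"write:repo_hook", "read:repo_hook"},
    "write:repo_hook": {"read:repo_hook"},
}


def parse_scope_header(value: str | None) -> set[str]:
    """Parse a 'repo, user' style header value; missing or empty means none."""
    if not value:
        return set()
    return {part.strip() for part in value.split(",") if part.strip()}


def expand_scopes(scopes: set[str]) -> set[str]:
    """Close a scope set under the implication hierarchy (transitively)."""
    effective = set(scopes)
    pending = list(scopes)
    while pending:
        scope = pending.pop()
        for implied in IMPLIED_SCOPES.get(scope, ()):
            if implied not in effective:
                effective.add(implied)
                pending.append(implied)
    return effective


def audit_token_scopes(headers: dict[str, str], required: set[str]) -> dict:
    """Compare what a token can do with what the caller says it needs.

    headers  - response headers from any authenticated GitHub API call
    required - the narrowest scope set the tool genuinely needs
    """
    lower = {k.lower(): v for k, v in headers.items()}
    granted = parse_scope_header(lower.get("x-oauth-scopes"))
    accepted = parse_scope_header(lower.get("x-accepted-oauth-scopes"))
    effective = expand_scopes(granted)
    needed = expand_scopes(required)
    excess = effective - needed
    return {
        "granted": granted,
        "effective": effective,
        "endpoint_accepts": accepted,
        "excess": excess,
        "over_privileged": bool(excess),
        # Fine-grained tokens report no classic scopes, so an empty header
        # means this audit cannot judge the token rather than that it is safe.
        "undetermined": not granted,
    }


# Constructed sample responses (not real API output): what an editor session
# would see from a full-access token versus a deliberately narrow one.
FULL_ACCESS_HEADERS = {"X-OAuth-Scopes": "repo, user, gist",
                       "X-Accepted-OAuth-Scopes": "repo"}
NARROW_HEADERS = {"X-OAuth-Scopes": "public_repo, read:user",
                  "X-Accepted-OAuth-Scopes": "public_repo"}

# Assumed policy: editing one public repository and identifying the user.
EDITOR_SESSION_NEEDS = {"public_repo", "read:user"}


if __name__ == "__main__":
    for name, hdrs in (("full-access token", FULL_ACCESS_HEADERS),
                       ("narrow token", NARROW_HEADERS)):
        report = audit_token_scopes(hdrs, EDITOR_SESSION_NEEDS)
        verdict = "OVER-PRIVILEGED" if report["over_privileged"] else "ok"
        print(f"{name}: {verdict}; excess={sorted(report['excess'])}")
```

Run against real traffic by passing the headers from any authenticated call (for example `GET /user`) instead of the constructed dicts; a result with `over_privileged` set is the signal that the token should be re-issued with narrower scopes before it is handed to an editor, extension host, or other large-attack-surface component.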
Source: www.csoonline.com · Published June 4, 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.2.9.