Full Report
Researchers follow in Nightmare Eclipse’s footsteps, flipping off Redmond in favor of insta-leaks
Analysis Summary
# Vulnerability: GitHub Token Theft via github.dev Workspace Recommendations
## CVE Details
- **CVE ID**: Not yet assigned (Disclosed as a zero-day/insta-leak)
- **CVSS Score**: Pending (Estimated High: 7.5 - 8.5)
- **CWE**: CWE-79 (Cross-site Scripting, for the HTML/JavaScript smuggled into a notebook markdown cell). The summary also lists CWE-352 (Cross-Site Request Forgery), but the confirmation-prompt bypass via synthesized keyboard events is not a cross-site request; it is closer to UI redressing (CWE-1021, Improper Restriction of Rendered UI Layers or Frames). The over-broad token itself is a privilege-scoping weakness rather than an injection one.
## Affected Systems
- **Products**: Visual Studio Code (specifically the browser-based version integrated with GitHub)
- **Versions**: Current versions of `github.dev` as of June 2026
- **Configurations**: Any signed-in GitHub user who opens an attacker-controlled repository (public or private) through the `github.dev` web interface. The OAuth token handed to that session covers every repository the user can reach, not only the one being viewed.
## Vulnerability Description
The vulnerability stems from the way `github.dev` handles OAuth tokens and workspace recommendations. When a user opens a repository in the browser-based VS Code environment, GitHub passes a broad OAuth token to the instance. This token is not scoped to the specific repository being viewed but extends to all repositories the user has permission to access.
An attacker can exploit this by:
1. Committing a `.vscode/extensions.json` that recommends an attacker-controlled extension.
2. Embedding a hidden HTML snippet (with JavaScript) in a Markdown cell of a Jupyter Notebook (`.ipynb`) file in the same repository.
3. Luring the victim to a `github.dev` link for that repository. The notebook is rendered automatically in a webview, and the hidden JavaScript dispatches a synthesized keyboard shortcut. Because VS Code forwards keyboard events from webviews to the host window so that keybindings keep working inside them, the shortcut reaches the main VS Code UI and accepts the "install recommended extension" prompt without the user clicking anything. The installed extension then runs inside the session that holds the broad OAuth token, which is what lets it read and exfiltrate that token.
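The two attacker-controlled artifacts in steps 1 and 2 are both plain files in the repository, so they can be checked before anyone opens the repository in a browser-based editor. The following Python script is an added example, not code from the researcher or from GitHub: it walks a checkout, flags extension recommendations that are not on a team allowlist, and flags notebook markdown cells that contain raw HTML, inline script, event handlers or hidden elements. The allowlist, the heuristic regex and the sample repository it builds are all assumptions constructed for the example; the notebook it writes contains only an empty placeholder `<script>` tag, not an exploit.

```python
"""Pre-open scanner for the github.dev extension-recommendation chain.

Flags (a) .vscode/extensions.json recommendations outside an allowlist and
(b) raw HTML / script / hidden elements in .ipynb markdown cells.
Added example; the allowlist and sample data below are constructed.
"""
import json
import os
import re
import tempfile

# Extensions the team has vetted. Assumption for the example; replace with
# the organisation's own list.
ALLOWED_EXTENSIONS = {"ms-python.python", "esbenp.prettier-vscode"}
_ALLOWED_LOWER = {e.lower() for e in ALLOWED_EXTENSIONS}

# Coarse heuristic: notebook webviews render markdown cells as HTML, so any
# active or hidden markup in a markdown cell deserves a look. Expect some
# false positives on legitimate inline images or styled blocks.
HTML_PATTERN = re.compile(
    r"<\s*(script|iframe|object|embed|svg|img|style)\b"
    r"|\bon[a-z]+\s*="            # inline event handler such as onerror=
    r"|javascript:"
    r"|display\s*:\s*none",       # hidden element, as in the described chain
    re.IGNORECASE,
)

# VS Code reads extensions.json as JSONC; strip whole-line // comments so
# json.loads accepts it. Comments sharing a line with data are not handled.
_LINE_COMMENT = re.compile(r"^\s*//.*$", re.MULTILINE)


def check_extension_recommendations(path):
    """Return recommended extension IDs that are not on the allowlist."""
    with open(path, encoding="utf-8") as fh:
        data = json.loads(_LINE_COMMENT.sub("", fh.read()))
    recs = data.get("recommendations", [])
    return [ext for ext in recs if ext.lower() not in _ALLOWED_LOWER]


def check_notebook_cells(path):
    """Return (cell_index, snippet) for markdown cells with suspicious markup."""
    with open(path, encoding="utf-8") as fh:
        nb = json.load(fh)
    findings = []
    for idx, cell in enumerate(nb.get("cells", [])):
        if cell.get("cell_type") != "markdown":
            continue
        src = cell.get("source", "")
        if isinstance(src, list):          # nbformat stores source as a list
            src = "".join(src)
        match = HTML_PATTERN.search(src)
        if match:
            findings.append((idx, src[match.start():match.start() + 60]))
    return findings


def scan_repo(root):
    """Walk a checkout and return (relative_path, message) findings."""
    findings = []
    ext_rel = os.path.join(".vscode", "extensions.json")
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if rel == ext_rel:
                for ext in check_extension_recommendations(full):
                    findings.append((rel, f"unvetted extension recommendation: {ext}"))
            elif name.endswith(".ipynb"):
                for idx, snippet in check_notebook_cells(full):
                    findings.append((rel, f"suspicious markup in markdown cell {idx}: {snippet!r}"))
    return findings


def build_sample_repo():
    """Write a constructed sample checkout (not real attacker data); return its path."""
    root = tempfile.mkdtemp(prefix="ghdev-scan-")
    os.makedirs(os.path.join(root, ".vscode"))
    with open(os.path.join(root, ".vscode", "extensions.json"), "w", encoding="utf-8") as fh:
        fh.write('{\n  // team tooling\n'
                 '  "recommendations": ["ms-python.python", "evil-publisher.totally-legit"]\n}\n')
    notebook = {
        "cells": [
            {"cell_type": "markdown", "metadata": {}, "source": ["# Results\n", "Plain text only.\n"]},
            {"cell_type": "markdown", "metadata": {},
             "source": ['<div style="display:none"><script>/* placeholder */</script></div>']},
            {"cell_type": "code", "metadata": {}, "execution_count": None, "outputs": [],
             "source": ["print('hi')"]},
        ],
        "metadata": {}, "nbformat": 4, "nbformat_minor": 5,
    }
    with open(os.path.join(root, "analysis.ipynb"), "w", encoding="utf-8") as fh:
        json.dump(notebook, fh)
    return root


def sample_findings():
    """Scan the constructed sample repository; used for the usage run below."""
    return scan_repo(build_sample_repo())


if __name__ == "__main__":
    for rel, msg in sample_findings():
        print(f"{rel}: {msg}")
```

Run it against a real checkout with `scan_repo("/path/to/repo")` before opening that repository in `github.dev`; a non-empty result is a reason to inspect the files by hand rather than to open the web editor. The notebook check is deliberately noisy, since a legitimate `<img>` tag will trip it; the point is that nothing in a markdown cell should be able to drive the editor's UI, so anything active or hidden warrants review.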
## Exploitation
- **Status**: PoC available; full public disclosure.
- **Complexity**: Medium (Requires repo modification and social engineering to lead user to a specific link).
- **Attack Vector**: Network / Web-based.
## Impact
- **Confidentiality**: High (Full read access to all public and private GitHub repositories associated with the user).
- **Integrity**: High (Write access to all repositories associated with the user).
- **Availability**: Low (No direct system-level DoS, but repository contents can be deleted or altered).
## Remediation
### Patches
- **Official Patch**: As of the article date, a formal patch from Microsoft/GitHub is pending. Users should monitor official Microsoft Security Response Center (MSRC) advisories.
### Workarounds
- **Exercise Caution**: Avoid opening untrusted or suspicious repositories using the `github.dev` or "Open in Browser" features.
- **Token Management**: Periodically review and revoke active OAuth sessions in GitHub security settings.
- **Environment**: Prefer the desktop version of Visual Studio Code for untrusted repositories. It does not receive the broad session token that `github.dev` passes into the browser instance, so the same chain would not yield that token; it still prompts before installing recommended extensions, so decline any recommendation you did not expect.
## Detection
- **Indicators of Compromise**:
- A `.vscode/extensions.json` recommending unknown extensions, or an `.ipynb` whose markdown cells contain raw HTML or script, in a repository you were linked to.
- Presence of unexpected or unknown extensions in the VS Code web environment.
- Unauthorized commits or repository access logged in GitHub Audit Logs.
- **Detection Methods**: Review the OAuth applications and sessions authorized on the account for entries you do not recognise, and check the GitHub audit log for repository reads, clones or pushes from source addresses or times that do not match your own activity after a `github.dev` session on an unfamiliar repository.
## References
- **Researcher Account**: hxxps[://]blog[.]ammaraskar[.]com/github-token-stealing/
- **Vendor Advisory**: Pending (Check MSRC portal)
- **Source Article**: hxxps[://]www[.]theregister[.]com/2026/06/03/microsoft_vs_code_exploit_leak/