What the VS Code github.dev Exploit Was and Why It Matters
The VS Code github.dev exploit was a browser-based attack chain in which a malicious Visual Studio Code webview could abuse github.dev’s OAuth token handling to steal GitHub authentication tokens after a user clicked a crafted repository link, potentially exposing all repositories and data that account could access through the stolen credential. Security researcher Ammar Askar released proof-of-concept code showing how github.dev’s browser editor received a broad OAuth token so the editor could act on behalf of a signed-in GitHub user across repositories, not only the one being viewed. When combined with VS Code webviews that could trigger arbitrary keyboard shortcuts in the workbench, this OAuth token vulnerability became a path to GitHub token theft. Microsoft says the underlying github.dev vulnerability has now been mitigated for its services and states that no customer action is required, but the incident highlights lasting risks.
How the github.dev Vulnerability Enabled GitHub Token Theft
At the core of this VS Code security exploit was how github.dev used OAuth tokens. When a user changed a repository URL from github.com to github.dev, GitHub’s browser editor sent an OAuth token so the session could browse files, edit code, and commit changes without asking for the password again. Askar’s disclosure found that this token was broad: it allowed access to every repository the user could reach, including private repositories, instead of being scoped to one project. At the same time, Microsoft’s VS Code issue #319593 describes a problem where webviews could trigger arbitrary keyboard shortcuts in the main workbench. A malicious webview could synthesize keystrokes, open the command palette, and run commands that installed attacker-controlled extension code, turning an innocent-looking github.dev link into a GitHub token theft tool.
From Malicious Link to Compromised Private Repositories
Askar’s proof-of-concept attack started with one malicious github.dev repository link. When opened, the repository’s webview content could trigger keyboard shortcuts, open the command palette, and execute commands that installed attacker-controlled code as a local workspace extension under .vscode/extensions. Because local workspace extensions can bypass the trusted-publisher prompt shown for new extension publishers, this stage quietly planted code capable of exfiltrating sensitive data. The exploit extension could then read the GitHub API token available to the github.dev session and call the GitHub API to list private repositories that the compromised account could access. As Askar wrote, “The token is not scoped to the particular repo you interacted with, meaning it has full access to every other repo that you have access to.” That broad scope turned a single click into potential private repository exposure and credential theft.
Mitigation Status and the Broader Risk of Web IDE Integrations
Microsoft states that the github.dev vulnerability was mitigated for its services on June 3, 2026, and that no customer action is required today. Earlier, Askar had suggested clearing github.dev site data, but Microsoft’s current position is that its service-side changes address the reported issue. The company has also clarified that, according to Microsoft partner software engineering manager Alexandru Dima, “this issue does not affect VS Code Desktop,” though Askar notes that similar webview behavior exists there but is harder to exploit because it requires persuading a victim to clone a repository and open a booby-trapped notebook. While distinct from earlier poisoned VS Code extensions and developer-tool supply-chain malware, the github.dev vulnerability underlines a shared problem: web-based IDEs and AI coding agents rely on OAuth tokens, extensions, and broad permissions that can turn convenient single sign-on into a single point of failure when abused.
Practical Steps Developers Should Take to Secure GitHub Access
Even with Microsoft’s mitigation, developers should treat this OAuth token vulnerability as a warning and harden their accounts. Start by reviewing recent GitHub account activity for unexpected logins, suspicious repository access, or unusual token or app authorizations. Revoke and rotate any personal access tokens or OAuth app grants you do not recognize or no longer need, and reset credentials for sensitive repositories that might have been exposed. Prefer SSH keys for Git operations instead of relying only on browser sessions, and store those keys in a secure manager. Tighten OAuth scopes: give third-party tools the minimum repository and organization access required. Finally, audit your VS Code environment by removing unused or untrusted extensions, carefully reviewing local .vscode/extensions folders in cloned workspaces, and treating unfamiliar github.dev links like any other potential phishing attempt to avoid another GitHub token theft scenario.
