GitHub: 1-Click GitHub Token Vulnerability Lets Attackers Steal Users’ OAuth Tokens

Critical VSCode Webview Vulnerability Exposes GitHub OAuth Tokens in One Click

On June 2, 2026, security researcher Ammar Askar publicly disclosed a severe vulnerability in Visual Studio Code’s (VSCode) webview implementation that allows attackers to steal GitHub OAuth tokens granting full read/write access to a victim’s private repositories with a single malicious link click. The flaw affects both the browser-based github.dev editor and the desktop version of VSCode, though the latter requires the victim to open a malicious repository.

How the Exploit Works

The attack exploits VSCode’s webview security model, which isolates untrusted content in sandboxed <iframe> elements. However, a design flaw in the Window.postMessage() API used to forward keyboard events between webviews and the main editor enables malicious JavaScript to simulate keystrokes. By chaining five VSCode behaviors, an attacker can:

  1. Trigger arbitrary JavaScript via a malicious Jupyter Notebook (.ipynb) file or a crafted .vscode/extensions.json file.
  2. Silently install a malicious extension by dispatching a synthetic Ctrl+Shift+A keystroke to bypass notification prompts.
  3. Bypass publisher trust checks by placing the extension in the local .vscode/extensions/ directory, exploiting github.dev’s default "trusted workspace" setting.
  4. Access the preloaded GitHub OAuth token, which is unscoped and grants access to all of a user’s repositories, not just the opened one.
  5. Exfiltrate the token and repository list via API requests to api.github.com, enabling full control over private code.

On github.dev, the attack requires no further interaction beyond the initial link click. On the desktop version, the exploit can escalate to Remote Code Execution (RCE) due to VSCode extensions’ unrestricted Node.js API access.

Impact and Mitigations

The vulnerability poses a significant risk, as stolen OAuth tokens allow attackers to read, modify, or push code to any private repository the victim can access. Since github.dev lacks CSRF protections, any external link can redirect users into the attack.

Temporary mitigations include:

  • Clearing github.dev site data in browsers to re-enable a warning dialog.
  • Avoiding untrusted github.dev links until a patch is released.
  • Auditing and removing unrecognized extensions in github.dev.
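As an added illustration of the audit step above (this is example code, not from the article, VSCode or GitHub), a small Python check that flags, in a checked-out repository before the workspace is opened, the artefacts the attack chain relies on: a .vscode/extensions.json file, extension packages dropped under .vscode/extensions/, and notebooks whose saved outputs carry HTML or JavaScript MIME bundles. Treating notebook outputs as the script entry point is an assumption (the article does not spell out the notebook mechanism), and the sample workspace is constructed inline.

```python
import json
import tempfile
from pathlib import Path

# MIME types in a notebook output bundle that a renderer would treat as markup or
# script; using these as the JS entry-point heuristic is an assumption of this example.
HTML_JS_MIME = {"text/html", "application/javascript", "text/javascript"}

def notebook_has_active_outputs(path: Path) -> bool:
    """True if any code-cell output carries an HTML/JS MIME bundle."""
    try:
        nb = json.loads(path.read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return False  # unreadable or not JSON: nothing to flag here
    for cell in nb.get("cells", []):
        for out in cell.get("outputs", []):
            if HTML_JS_MIME & set(out.get("data", {})):
                return True
    return False

def audit_workspace(root: str) -> list[str]:
    """Return one finding per artefact matching the three vectors named above."""
    root_p = Path(root)
    findings = []
    ext_json = root_p / ".vscode" / "extensions.json"
    if ext_json.is_file():  # common and often benign, but it is the crafted-file vector
        findings.append(f"{ext_json.relative_to(root_p)}: workspace extension recommendations present")
    ext_dir = root_p / ".vscode" / "extensions"
    if ext_dir.is_dir():  # extensions shipped inside the repo sidestep marketplace publisher trust
        for manifest in ext_dir.glob("*/package.json"):
            findings.append(f"{manifest.relative_to(root_p)}: bundled extension in workspace")
    for nb in root_p.rglob("*.ipynb"):
        if notebook_has_active_outputs(nb):
            findings.append(f"{nb.relative_to(root_p)}: notebook output contains HTML/JS")
    return findings

def build_sample_workspace() -> str:
    """Constructed sample repository (hypothetical content) exercising all three checks."""
    root = Path(tempfile.mkdtemp(prefix="audit-"))
    pkg = root / ".vscode" / "extensions" / "sample.pkg"
    pkg.mkdir(parents=True)
    (root / ".vscode" / "extensions.json").write_text('{"recommendations": ["sample.pkg"]}')
    (pkg / "package.json").write_text('{"name": "pkg", "publisher": "sample"}')
    hot = {"cells": [{"cell_type": "code", "outputs": [{"data": {"text/html": ["<b>x</b>"]}}]}]}
    (root / "demo.ipynb").write_text(json.dumps(hot))
    (root / "clean.ipynb").write_text(json.dumps({"cells": []}))  # no outputs: not flagged
    return str(root)
```

Run `audit_workspace(build_sample_workspace())` to see the three findings; point `audit_workspace` at a real clone to review it before opening it in github.dev or desktop VSCode.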

Defense-in-Depth Limitations

VSCode’s security measures, such as strict Content Security Policies (CSP) and DOMPurify for Markdown sanitization, partially contained the exploit’s scope. However, Askar’s full disclosure, published without prior coordination with Microsoft, highlights persistent concerns about MSRC’s vulnerability handling. GitHub was notified one hour before the public release.

Source: https://cybersecuritynews.com/1-click-github-token-vulnerability/

GitHub TPRM report: https://www.rankiteo.com/company/github

"id": "git1780453444",
"linkid": "github",
"type": "Vulnerability",
"date": "6/2026",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'VSCode users, GitHub users '
                                              'accessing github.dev',
                        'industry': 'Technology/Software Development',
                        'location': 'Global',
                        'name': 'Microsoft (VSCode)',
                        'size': 'Large',
                        'type': 'Software Vendor'},
                       {'customers_affected': 'GitHub users with private '
                                              'repositories',
                        'industry': 'Technology/Software Development',
                        'location': 'Global',
                        'name': 'GitHub',
                        'size': 'Large',
                        'type': 'Code Hosting Platform'}],
 'attack_vector': 'Malicious link (phishing), Malicious repository/file '
                  '(Jupyter Notebook or .vscode/extensions.json)',
 'customer_advisories': 'GitHub users warned about potential unauthorized '
                        'repository access via stolen OAuth tokens',
 'data_breach': {'data_exfiltration': 'Yes (via api.github.com)',
                 'file_types_exposed': 'Jupyter Notebooks (.ipynb), VSCode '
                                       'extension files '
                                       '(.vscode/extensions.json)',
                 'sensitivity_of_data': 'High (OAuth tokens grant full '
                                        'repository access, private code)',
                 'type_of_data_compromised': 'Authentication tokens (GitHub '
                                             'OAuth), repository code, '
                                             'repository metadata'},
 'date_publicly_disclosed': '2026-06-02',
 'description': 'A severe vulnerability in Visual Studio Code’s (VSCode) '
                'webview implementation allows attackers to steal GitHub OAuth '
                'tokens granting full read/write access to a victim’s private '
                'repositories with a single malicious link click. The flaw '
                'affects both the browser-based *github.dev* editor and the '
                'desktop version of VSCode, enabling token exfiltration and '
                'potential Remote Code Execution (RCE).',
 'impact': {'brand_reputation_impact': 'High (Microsoft/VSCode and GitHub '
                                       'reputation for security)',
            'data_compromised': 'GitHub OAuth tokens, private repository code, '
                                'repository lists',
            'operational_impact': 'Unauthorized access to private '
                                  'repositories, potential code modification '
                                  'or theft, remote code execution (desktop '
                                  'version)',
            'systems_affected': 'VSCode (desktop and browser-based '
                                'github.dev), GitHub repositories'},
 'initial_access_broker': {'backdoors_established': 'Malicious extension '
                                                    'installation',
                           'entry_point': 'Malicious link or repository file '
                                          '(Jupyter '
                                          'Notebook/.vscode/extensions.json)',
                           'high_value_targets': 'GitHub OAuth tokens, private '
                                                 'repositories'},
 'investigation_status': 'Publicly disclosed, patch status unknown',
 'lessons_learned': 'Need for stricter webview security models, improved '
                    'extension trust mechanisms, better CSRF protections in '
                    'github.dev, and more coordinated vulnerability disclosure '
                    'processes with vendors.',
 'post_incident_analysis': {'corrective_actions': 'Patch vulnerability, '
                                                  'implement CSRF protections, '
                                                  'restrict extension APIs, '
                                                  'improve token scoping, and '
                                                  'enhance disclosure '
                                                  'coordination',
                            'root_causes': ['Design flaw in VSCode’s webview '
                                            'security model '
                                            '(Window.postMessage() API)',
                                            'Lack of CSRF protections in '
                                            'github.dev',
                                            'Unrestricted Node.js API access '
                                            'in extensions',
                                            "Default 'trusted workspace' "
                                            'setting in github.dev',
                                            'Unscoped GitHub OAuth tokens']},
 'recommendations': ['Patch the Window.postMessage() API misuse in VSCode '
                     'webviews',
                     'Implement CSRF protections in github.dev',
                     'Restrict Node.js API access in extensions',
                     'Improve extension publisher trust checks',
                     'Enhance OAuth token scoping to limit repository access',
                     'Encourage users to audit installed extensions and clear '
                     'site data regularly'],
 'references': [{'source': 'Ammar Askar (Security Researcher)'}],
 'response': {'communication_strategy': 'Public disclosure by security '
                                        'researcher (Ammar Askar) without '
                                        'prior coordination with Microsoft',
              'containment_measures': 'Clearing github.dev site data to '
                                      're-enable warning dialogs, avoiding '
                                      'untrusted github.dev links, auditing '
                                      'and removing unrecognized extensions'},
 'stakeholder_advisories': 'VSCode and GitHub users advised to avoid untrusted '
                           'links and audit extensions',
 'title': 'Critical VSCode Webview Vulnerability Exposes GitHub OAuth Tokens '
          'in One Click',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': 'Design flaw in VSCode’s webview security model '
                            '(Window.postMessage() API misuse), lack of CSRF '
                            'protections in github.dev, unrestricted Node.js '
                            'API access in extensions'}