VSCode Webview Flaw Enables One-Click GitHub OAuth Token Theft
Security researcher Ammar Askar disclosed a vulnerability in Visual Studio Code's webview message handling that can let attackers steal GitHub OAuth tokens from github.dev with a single malicious link. The flaw abuses postMessage-based keyboard event forwarding to let untrusted webview content forge key events, cross the intended trust boundary, and trigger privileged actions inside the editor. Reports say the attack can silently install a malicious extension, extract authentication material from internal storage, and exfiltrate a GitHub token that may carry read/write access to private repositories.
The impact is especially severe on github.dev because GitHub reportedly supplies the browser editor with an OAuth token that is not scoped to just the repository being viewed, but to all repositories the user can access. The same underlying issue also affects desktop VSCode when a victim opens an attacker-controlled repository, where a malicious extension can go beyond token theft and achieve full remote code execution through Node.js APIs. Until Microsoft or GitHub ships a fix, defenders are being urged to avoid untrusted github.dev links and repositories, clear saved site data for github.dev, and review installed extensions for unauthorized additions.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
VS Code issue documents webviews triggering arbitrary keyboard shortcuts
A GitHub issue documented a security concern in Electron-based webviews where forwarded keydown events could let a malicious or XSS-compromised webview trigger dangerous application shortcuts. The report described potential abuse such as opening a terminal, shifting focus, and pasting commands into the active terminal.
Microsoft acknowledges GitHub.dev token theft bug and works on fix
After being notified on June 2, 2026, Microsoft acknowledged the GitHub.dev/VS Code webview vulnerability and said it is working on a fix. Microsoft also stated the issue does not affect VS Code Desktop.
Ammar Askar publicly discloses VSCode GitHub token theft bug
Security researcher Ammar Askar publicly disclosed a vulnerability affecting github.dev and VSCode webviews that can enable theft of GitHub OAuth tokens, and published a proof of concept. Reporting says the disclosure occurred on June 2, 2026.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
9 references tracked. Mallory keeps watching after this page renders.
One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens
thehackernews.com
Open sourceGitHub Token Stealing Bug Exploits VSCode Webviews
securityonline.info
Open source1-Click GitHub Token Vulnerability Lets Attackers Steal Users' OAuth Tokens
cybersecuritynews.com
Open sourceHole in GitHub’s browser-based VSCode editor could lead to stolen token | InfoWorld
infoworld.com
Open sourceVS Code zero-day lets hackers steal GitHub tokens in one click
bleepingcomputer.com
Open sourceSecurity: Webviews can trigger arbitrary keyboard shortcuts in the main workbench · Issue #319593 · microsoft/vscode
github.com
Open sourceHole in GitHub’s browser-based VSCode editor could lead to stolen token | CSO Online
csoonline.com
Open source1-Click GitHub Token Stealing via a VSCode Bug : r/netsec
reddit.com
Open source1-Click GitHub Token Stealing via a VSCode Bug - Ammar's Blog
blog.ammaraskar.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Fake VS Code Security Alerts on GitHub Discussions Push Malware
A large-scale phishing campaign is abusing **GitHub Discussions** to post fake **Visual Studio Code** security alerts that pressure developers into downloading malware from external links. The posts impersonate legitimate advisories with fabricated `CVE` identifiers, fake affected version ranges, and urgent language, while newly created or low-activity accounts mass-tag developers across unrelated repositories to expand reach. Because GitHub Discussions can trigger email notifications to watchers and participants, the operation gains additional credibility and visibility beyond the platform itself. Analysis of the linked infrastructure showed a multi-stage redirection chain that used a Google `share.google` endpoint and the attacker-controlled domain `drnatashachinn[.]com`. The delivered JavaScript performed browser fingerprinting, cookie checks, obfuscation, and anti-analysis steps to distinguish real users from bots or security scanners before routing victims to later-stage malicious content, consistent with a traffic distribution system. Researchers said the campaign appears coordinated and automated, and urged developers to treat unsolicited GitHub security alerts with external download links as suspicious and verify VS Code updates only through official Microsoft channels.
Mar 27, 2026
Critical Vulnerabilities in Popular VS Code Extensions Enable Local File Theft and Code Execution
Security researchers at **OX Security** disclosed multiple vulnerabilities across widely used Microsoft Visual Studio Code extensions—**Live Server**, **Code Runner**, **Markdown Preview Enhanced**, and **Microsoft Live Preview**—with combined installs reported at **125–128 million**. The issues enable attacks ranging from **local file exfiltration** to **arbitrary code/JavaScript execution**, and highlight how a single vulnerable or malicious extension can be leveraged for broader compromise and potential lateral movement in developer environments. Reported flaws include **CVE-2025-65717** (Live Server; CVSS 9.1) enabling local file theft by luring a developer to a malicious site while the extension’s local server is running (e.g., `localhost:5500`), **CVE-2025-65716** (Markdown Preview Enhanced; CVSS 8.8) allowing arbitrary JavaScript execution via a crafted `.md` file with subsequent local port enumeration and exfiltration, and **CVE-2025-65715** (Code Runner; CVSS 7.8) enabling code execution by tricking users into modifying `settings.json`. Separate reporting on **Microsoft Live Preview** describes a **one-click reflected XSS** and unauthenticated request abuse against the extension’s local development server to enumerate and exfiltrate sensitive files (e.g., `.env`, API keys, source code); this Live Preview issue was reported as patched in version **0.4.16** via input sanitization (e.g., an `escapeHTML` function), while other extension issues were described as **unpatched** at the time of reporting.
Mar 21, 2026
VS Code Extensions Leak Sensitive Secrets, Exposing Users to Supply Chain Attacks
Researchers discovered that over 550 sensitive secrets were inadvertently leaked through more than 500 Visual Studio Code (VS Code) extensions available on both the VS Code and Open VSX marketplaces. These secrets included access and authorization tokens, credentials, API keys, encryption keys, and certificates, which are critical for securing access to various platforms and services. The investigation, conducted by Wiz Security, revealed that the leaked secrets spanned 67 categories, with the majority falling into three main groups: generative AI platforms, high-risk professional platforms such as AWS, GCP, Auth0, and GitHub, and databases like MongoDB and Postgres. Notably, more than 100 of the exposed secrets would have allowed attackers to update the affected extensions themselves. Because VS Code automatically updates extensions, this created a significant risk that attackers could deploy malicious updates to a large user base without user intervention. Wiz Security estimated that, had these vulnerabilities been exploited, malware could have been pushed to approximately 150,000 users in a single attack. The risk was not limited to code-heavy extensions; even theme extensions, which are often perceived as harmless, were found to be capable of introducing malware. The research highlighted that some internal extensions, such as those published by large corporations for internal use, were inadvertently made public, further increasing the attack surface. Vendor-specific extensions, commonly used for convenience, were identified as particularly attractive targets for attackers due to their potential for targeted exploitation. Microsoft was notified of the findings and worked with the researchers to address the issues and mitigate the risks. The incident underscores the importance of rigorous security practices in extension development and the need for continuous monitoring of third-party code in software supply chains. The exposure of secrets in widely used development tools like VS Code demonstrates how supply chain vulnerabilities can have far-reaching consequences. Organizations are advised to audit their use of extensions, restrict unnecessary permissions, and ensure that sensitive credentials are never hardcoded or exposed in public repositories. The case also serves as a warning about the risks of publishing internal tools to public marketplaces, as this can inadvertently expose sensitive infrastructure to external threats. The findings have prompted calls for improved vetting processes for extensions and greater awareness among developers about the risks of credential leakage. This incident is a stark reminder that even seemingly minor oversights in software development can lead to large-scale security incidents affecting tens of thousands of users. The potential for automated malware deployment through compromised extensions highlights the evolving nature of supply chain threats in the software ecosystem. Security researchers continue to monitor the situation and recommend best practices for extension security to prevent similar incidents in the future.
Mar 21, 2026