GitHub.dev Vulnerability: One-Click OAuth Token Theft
🔄 Update — June 08, 2026: New Details on VS Code Webview Vulnerability
The vulnerability in Visual Studio Code’s webview implementation is seeing increased scrutiny regarding its impact on desktop versions. New reports confirm that the malicious link attack vector remains a high risk for developers using third-party extensions.
What’s new?
- Patch Status Uncertainty: While GitHub.dev is largely secured, the exact patch status across various VS Code versions (Stable vs. Insiders) is still being verified.
- Expanded Attack Vectors: More details have emerged on how webviews can be specifically manipulated to exfiltrate OAuth tokens even in local environments.
Why this adds to the article
This information expands the original GitHub.dev report by including the critical component of VS Code desktop security and emphasizes the need for immediate patch verification by users.
Summary
A critical security vulnerability in the web-based development environment GitHub.dev (based on VS Code) allowed attackers to steal user OAuth tokens. By simply clicking a link, hackers could gain full read and write access to all of a victim’s private repositories. The flaw was disclosed in early June 2026 by security researcher Ammar Askar and has since been patched by Microsoft.
What happened?
Security researcher Ammar Askar published details of a “one-click” exploit in GitHub.dev. When a user opened a malicious repository in the browser version of VS Code, malicious code contained within (disguised in files like Jupyter Notebooks) could execute JavaScript within a webview. This code used internal communication channels (postMessage) to open the Command Palette and silently install a malicious workspace extension. This extension then exfiltrated the user’s broad OAuth token to an attacker-controlled server.
Why it matters
OAuth tokens are the keys to modern development workflows. In this case, the token was not limited to the specific repository but had the same permissions as the logged-in user. This meant an attacker gained access not just to the code in the malicious repo, but to all private projects the user had access to. Since GitHub.dev is often used for quick code reviews, the threshold for clicking unknown links was particularly low.
Evidence
The researcher published a Proof-of-Concept (PoC) on June 2, 2026. He opted for full disclosure due to past negative experiences with the Microsoft Security Response Center (MSRC). Heise Online and other technical media outlets confirmed the attack and reported on Microsoft’s rapid response.
Analysis
The vulnerability resulted from a chain of design decisions:
- Broad Token Permissions: GitHub.dev receives very extensive permissions by default.
- Webview Isolation: Communication between webviews and the VS Code core could be manipulated.
- Trust Model: Workspace-specific extensions could be installed or activated under certain conditions without explicit user consent.
The exploit demonstrates the complexity of securing browser-based IDEs that execute local code in a cloud environment.
Practical Takeaways
Affected users should take the following steps:
- Revoke Tokens: Review and revoke any suspicious OAuth tokens in GitHub settings (specifically for VS Code/GitHub.dev).
- Clear Site Data: Clear cookies and site data for github.dev in the browser to force re-authentication and trust warnings.
- Audit Repositories: Inspect private repositories for unauthorized commits or suspicious activity.
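One way to carry out the "Audit Repositories" step above, as an added example that is not part of the original report: the script walks the private repositories visible to a GitHub token and flags recent commits whose author or committer account is missing or not on an allowlist of expected logins. The endpoints are GitHub's documented REST API; the `GITHUB_TOKEN` variable, the `SINCE` window and the trusted-login set are assumptions for illustration.

```python
import json
import urllib.request
from datetime import datetime, timezone

API = "https://api.github.com"
SINCE = datetime(2026, 6, 1, tzinfo=timezone.utc)  # start of the audit window (assumed)

def github_get(path, token):
    """GET a GitHub REST API endpoint and return the parsed JSON body."""
    req = urllib.request.Request(API + path, headers={
        "Authorization": f"Bearer {token}", "Accept": "application/vnd.github+json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def flag_suspicious_commits(commits, trusted_logins, since):
    """Return commits dated at or after `since` whose GitHub author or committer
    is missing or not in `trusted_logins` (input: GET /repos/{owner}/{repo}/commits)."""
    flagged = []
    for c in commits:
        date = c["commit"]["committer"]["date"]
        if datetime.fromisoformat(date.replace("Z", "+00:00")) < since:
            continue
        for role in ("author", "committer"):
            actor = c.get(role)  # None when the commit e-mail maps to no GitHub account
            login = actor["login"] if actor else None
            if login not in trusted_logins:
                flagged.append({"sha": c["sha"], "role": role, "login": login, "date": date})
                break
    return flagged

def audit_private_repos(token, trusted_logins, since):
    """Walk every private repo visible to the token (first page) and collect findings."""
    findings = {}
    for repo in github_get("/user/repos?visibility=private&per_page=100", token):
        path = f"/repos/{repo['full_name']}/commits?since={since.strftime('%Y-%m-%dT%H:%M:%SZ')}"
        flagged = flag_suspicious_commits(github_get(path, token), trusted_logins, since)
        if flagged:
            findings[repo["full_name"]] = flagged
    return findings

# Constructed sample in the shape of the commits API response (not real data).
SAMPLE_COMMITS = [
    {"sha": "aaa111", "author": {"login": "alice"}, "committer": {"login": "alice"},
     "commit": {"committer": {"date": "2026-06-03T10:00:00Z"}}},
    {"sha": "bbb222", "author": None, "committer": {"login": "web-flow"},
     "commit": {"committer": {"date": "2026-06-03T11:00:00Z"}}},
    {"sha": "ccc333", "author": {"login": "alice"}, "committer": {"login": "alice"},
     "commit": {"committer": {"date": "2026-05-20T09:00:00Z"}}},
]
```

Against `SAMPLE_COMMITS` with `{"alice"}` trusted, only `bbb222` is flagged: `ccc333` predates the window and `aaa111` comes from a trusted account. For a live run, call `audit_private_repos(os.environ["GITHUB_TOKEN"], {"alice"}, SINCE)` with a token that can read the repositories.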
Open Questions
It remains unclear whether this vulnerability was actively exploited by attackers before Ammar Askar’s disclosure. Furthermore, the case raises questions about Microsoft’s bug bounty process, given the researcher’s choice to go public immediately.