Every developer who has ever pressed the period key on a GitHub repository, launching the convenient browser-based VS Code editor known as GitHub.dev, has unknowingly accepted a bargain. In exchange for a lightweight coding environment, GitHub silently passes an OAuth token to the session, one that grants read and write access to every repository the user can reach, not just the repo they opened.

Security researcher Ammar Askar has now shown how a single malicious link can steal that token entirely. The proof-of-concept exploit, published on 2 June 2026, chains together several VS Code behaviours to install a rogue extension inside GitHub.dev, silently exfiltrate the OAuth credential, and enumerate every private repository the victim can access.

Microsoft has acknowledged the flaw and says it is working on a fix. The vulnerability does not affect VS Code Desktop, according to Alexandru Dima, a partner software engineering manager at the company.

How the attack works

The exploit begins with a crafted GitHub.dev link pointing to a repository that contains a malicious Jupyter Notebook file. When the victim clicks, GitHub.com automatically POSTs an OAuth token to the GitHub.dev session. That token is not scoped to the specific repository: it carries full privileges across every repo the user has access to, including private ones.
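The breadth of that token is the whole problem, and it is also the first thing an incident responder needs to measure once a token is suspected stolen. The script below is an added example, not code from the article or from Askar's proof of concept; it relies on two documented GitHub REST API behaviours (the X-OAuth-Scopes response header, which lists an OAuth token's scopes, and GET /user/repos, which pages through the caller's repositories via Link headers) and runs offline against constructed sample responses. The repository names, the target_repo parameter and the sample_fetch helper are the example's own inventions.

```python
"""Measure the blast radius of a leaked GitHub OAuth token.

Added example (not from the article or the proof of concept). Real GitHub API
behaviours used: the X-OAuth-Scopes header and the paginated GET /user/repos
endpoint. Sample responses and repo names below are constructed for the demo.
"""
import json
import re
import urllib.request
from typing import Callable, Optional

Response = tuple[dict, bytes]          # (lower-cased headers, raw body)
Fetcher = Callable[[str], Response]

API = "https://api.github.com"
NEXT_LINK = re.compile(r'<([^>]+)>;\s*rel="next"')


def parse_scopes(header: Optional[str]) -> set[str]:
    """'repo, gist' -> {'repo', 'gist'}; a missing header means no OAuth scopes."""
    if not header:
        return set()
    return {s.strip() for s in header.split(",") if s.strip()}


def next_page(link_header: Optional[str]) -> Optional[str]:
    """Return the URL of the rel="next" entry in a Link header, or None on the last page."""
    if not link_header:
        return None
    m = NEXT_LINK.search(link_header)
    return m.group(1) if m else None


def audit_token(fetch: Fetcher, target_repo: str) -> dict:
    """Report what a token that should have covered only target_repo can actually reach.

    target_repo is 'owner/name'. The 'repo' scope grants read/write on every
    repository the user can access, which is the over-broad grant the article describes.
    """
    url = f"{API}/user/repos?per_page=100&visibility=private"
    scopes: set[str] = set()
    private_repos: list[str] = []
    while url:                                   # follow pagination to the end
        headers, body = fetch(url)
        scopes |= parse_scopes(headers.get("x-oauth-scopes"))
        private_repos.extend(r["full_name"] for r in json.loads(body) if r.get("private"))
        url = next_page(headers.get("link"))
    return {
        "scopes": sorted(scopes),
        "can_write_all_repos": "repo" in scopes,
        "private_repos_beyond_target": sorted(n for n in private_repos if n != target_repo),
    }


def github_fetch(token: str) -> Fetcher:
    """Fetcher for a live check against api.github.com (not used in the offline demo)."""
    def fetch(url: str) -> Response:
        req = urllib.request.Request(url, headers={
            "Authorization": f"Bearer {token}",
            "Accept": "application/vnd.github+json",
        })
        with urllib.request.urlopen(req) as resp:
            return {k.lower(): v for k, v in resp.headers.items()}, resp.read()
    return fetch


# Constructed sample: two pages of /user/repos as seen by a token carrying the
# broad 'repo' scope. The repository names are made up.
_PAGE2 = f"{API}/user/repos?per_page=100&visibility=private&page=2"
SAMPLE_RESPONSES = {
    f"{API}/user/repos?per_page=100&visibility=private": (
        {"x-oauth-scopes": "repo, gist", "link": f'<{_PAGE2}>; rel="next"'},
        json.dumps([
            {"full_name": "victim/opened-repo", "private": True},
            {"full_name": "victim/side-project", "private": True},
        ]).encode(),
    ),
    _PAGE2: (
        {"x-oauth-scopes": "repo, gist"},
        json.dumps([{"full_name": "acme-corp/payments-backend", "private": True}]).encode(),
    ),
}


def sample_fetch(url: str) -> Response:
    """Offline stand-in for github_fetch; serves the constructed pages above."""
    return SAMPLE_RESPONSES[url]


if __name__ == "__main__":
    print(json.dumps(audit_token(sample_fetch, "victim/opened-repo"), indent=2))
```

Run against a real token by swapping sample_fetch for github_fetch(token). A report that lists the 'repo' scope and any private repository beyond the one that was opened confirms the over-broad grant, and everything in that list should be treated as exposed until the token is revoked.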