GitHub Codespaces malicious repository or pull request RCE remote code execution flaw
Vulnerability
Summary
Hide ▲
Show ▼
GitHub Codespaces vulnerability RoguePilot can let an attacker abuse GitHub Copilot by planting hidden instructions in a GitHub issue, then opening a Codespace from that issue to trigger silent command execution and leak GITHUB_TOKEN data. Orca Security said the flaw was a case of passive or indirect prompt injection, and Microsoft has since patched it after responsible disclosure. The broader abuse path remains tied to trusted Codespaces workflows, where attacker-controlled content can be processed by the built-in AI assistant without obvious warning.
Related Happenings
GitHub data exposed after GitHub breach
Data Leak
First: 20.05.2026 11:14
Last: 20.05.2026 11:14
Sources 1
About this happening:
GitHub confirmed **exfiltration** of **internal repositories**, making private code and related content potentially available to outsiders. Attackers on the **Breached cybercrime...
GitHub data exposed after GitHub breach
Data LeakAbout this happening: GitHub confirmed **exfiltration** of **internal repositories**, making private code and related content potentially available to outsiders. Attackers on the **Breached cybercrime...
GitHub internal repositories private-code leak claim
Data Leak
First: 20.05.2026 08:08
Last: 20.05.2026 08:08
Sources 1
About this happening:
GitHub is facing a claimed leak of **internal repositories** after **TeamPCP** said it had access to about **4,000 private-code repos** and tried to sell samples. The alleged expo...
GitHub internal repositories private-code leak claim
Data LeakAbout this happening: GitHub is facing a claimed leak of **internal repositories** after **TeamPCP** said it had access to about **4,000 private-code repos** and tried to sell samples. The alleged expo...
Latest development: 21.05.2026 17:45
A malicious version of Nx Console 18.95.0 was uploaded to Visual Studio Marketplace and Open VSX on May 18, fetched an obfuscated payload, and harvested secrets from ~/.vault-token, /etc/vault/token, .npmrc, ghp_/gho_/ghs_ tokens, AWS metadata, and other local sources; GitHub said the poisoned VS Code extension led to unauthorized access to about 3800 internal repositories.
GitHub hit by network compromise
Incident
First: 20.05.2026 07:01
Last: 20.05.2026 07:01
Sources 1
About this happening:
GitHub is investigating unauthorized access to its internal repositories after a third party allegedly offered stolen material for sale on a cybercrime forum. The intrusion was li...
GitHub hit by network compromise
IncidentAbout this happening: GitHub is investigating unauthorized access to its internal repositories after a third party allegedly offered stolen material for sale on a cybercrime forum. The intrusion was li...
Latest development: 20.05.2026 13:45
GitHub detected unauthorized access tied to a poisoned Visual Studio Code (VS Code) extension on an employee device, removed the malicious extension version, isolated the endpoint, and began incident response to contain exposure across internal repositories.
Actions-cool/issues-helper hit by network compromise
Incident
First: 19.05.2026 08:28
Last: 19.05.2026 08:28
Sources 1
About this happening:
The **actions-cool/issues-helper** GitHub Actions supply-chain compromise let malicious tags run in **CI/CD pipelines**, causing **credential theft** and downstream account risk....
Actions-cool/issues-helper hit by network compromise
IncidentAbout this happening: The **actions-cool/issues-helper** GitHub Actions supply-chain compromise let malicious tags run in **CI/CD pipelines**, causing **credential theft** and downstream account risk....
GitHub git push RCE (CVE-2026-3854)
Vulnerability
First: 29.04.2026 15:41
Last: 29.04.2026 15:41
Sources 1
About this happening:
GitHub patched **CVE-2026-3854**, a critical **remote code execution** flaw affecting **GitHub.com** and **GitHub Enterprise Server** that could expose **millions of private repos...
GitHub git push RCE (CVE-2026-3854)
VulnerabilityAbout this happening: GitHub patched **CVE-2026-3854**, a critical **remote code execution** flaw affecting **GitHub.com** and **GitHub Enterprise Server** that could expose **millions of private repos...
Timeline
-
05.02.2026 16:30 2 articles · 3mo ago
GitHub Codespaces malicious repository and pull request RCE disclosure
Initial DisclosureOrca Security identified three GitHub Codespaces abuse paths that can trigger arbitrary command execution when a user opens a malicious repository or checks out a malicious pull request: .vscode/tasks.json, .vscode/settings.json, and .devcontainer/devcontainer.json. The described abuse can steal GitHub authentication tokens and Codespaces secrets, support lateral movement in GitHub Enterprise environments, and expose hidden organisational data; stolen tokens may also be used with undocumented GitHub APIs to access premium Microsoft Copilot models. Microsoft said the behavior is by design and depends on trusted-repository controls and existing settings to limit abuse.
Show sources
- Malicious Commands in GitHub Codespaces Enable RCE — www.infosecurity-magazine.com — 05.02.2026 16:30
- RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN — thehackernews.com — 24.02.2026 20:52