RoguePilot Vulnerability in GitHub Codespaces Enables GITHUB_TOKEN Leak via Copilot

First reported

24.02.2026 20:52

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

A vulnerability named RoguePilot in GitHub Codespaces allowed attackers to inject malicious instructions into GitHub issues, which were then processed by GitHub Copilot. This enabled silent control of the AI agent in Codespaces, leading to the leakage of sensitive GITHUB_TOKENs. The flaw has been patched by Microsoft after responsible disclosure. The attack involved embedding malicious prompts within GitHub issues, which were then executed by Copilot when a user launched a Codespace from the issue. This allowed attackers to exfiltrate sensitive data, including GITHUB_TOKENs, to external servers under their control.

Timeline

24.02.2026 20:52 1 articles · 3h ago

RoguePilot Vulnerability in GitHub Codespaces Enables GITHUB_TOKEN Leak via Copilot
A vulnerability named RoguePilot in GitHub Codespaces allowed attackers to inject malicious instructions into GitHub issues, which were then processed by GitHub Copilot. This enabled silent control of the AI agent in Codespaces, leading to the leakage of sensitive GITHUB_TOKENs. The flaw has been patched by Microsoft after responsible disclosure. The attack involved embedding malicious prompts within GitHub issues, which were then executed by Copilot when a user launched a Codespace from the issue. This allowed attackers to exfiltrate sensitive data, including GITHUB_TOKENs, to external servers under their control.
Show sources

RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN — thehackernews.com — 24.02.2026 20:52
Open in new tab

Information Snippets

RoguePilot is a passive or indirect prompt injection vulnerability in GitHub Codespaces that affects GitHub Copilot.
First reported: 24.02.2026 20:52

1 source, 1 article
Show sources
- RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN — thehackernews.com — 24.02.2026 20:52
Attackers can embed malicious instructions in GitHub issues, which are then processed by Copilot when a user launches a Codespace from the issue.
First reported: 24.02.2026 20:52

1 source, 1 article
Show sources
- RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN — thehackernews.com — 24.02.2026 20:52
The vulnerability allows attackers to leak sensitive data, such as GITHUB_TOKENs, to external servers under their control.
First reported: 24.02.2026 20:52

1 source, 1 article
Show sources
- RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN — thehackernews.com — 24.02.2026 20:52
The flaw has been patched by Microsoft following responsible disclosure.
First reported: 24.02.2026 20:52

1 source, 1 article
Show sources
- RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN — thehackernews.com — 24.02.2026 20:52
The attack can be made stealthy by hiding the prompt in the GitHub issue through the HTML comment tag.
First reported: 24.02.2026 20:52

1 source, 1 article
Show sources
- RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN — thehackernews.com — 24.02.2026 20:52