Security researcher Ammar Askar disclosed a critical vulnerability on June 2, 2026, that lets an attacker steal a victim's GitHub token with a single click on a malicious link. The exploit abuses a gap in VSCode's webview security model and requires no user confirmation beyond loading the attacker's page.
How the Attack Works
The vulnerability stems from how VSCode handles keyboard events that cross a security boundary. VSCode isolates webview content in iframes served from a different origin, so untrusted scripts cannot touch the editor's DOM directly. Keyboard input, however, is a separate channel: untrusted JavaScript in the webview can dispatch fake keyboard events, and the editor accepts them as though the user had typed them, so the origin isolation does not cover keystrokes.
The attack chain proceeds in four steps:
- The attacker creates a malicious repository containing a Jupyter notebook with embedded JavaScript
- When the victim opens the repository, the JavaScript dispatches fake keyboard events to trigger VSCode's command palette
- The simulated keystrokes (ctrl+shift+a) trigger installation of an attacker-controlled extension
- The malicious extension reads the GitHub API token and uses it to retrieve private repository data
As Askar explained: "There's nothing preventing our script running in the untrusted web view from pretending like it's the user and pressing a bunch of keys."
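The trust-boundary failure in the chain above, modelled as an added example. This is illustrative code written for this page; it is neither Askar's exploit nor VSCode's implementation, and it does not reproduce the real notebook payload. It assumes a host page that receives `did-keydown` notifications posted from a webview iframe and resolves them against a keybinding table; the origins, the message shape, the keybinding table (including the ctrl+shift+a mapping) and the `PRIVILEGED` set are all modelling assumptions. The vulnerable host treats every forwarded key as the user's own; the hardened host requires a host-rendered confirmation before a privileged command can be reached from the webview's origin.

```javascript
'use strict';

// Origins used by the model (assumptions, not github.dev's real origins).
const HOST_ORIGIN = 'https://host.example';
const WEBVIEW_ORIGIN = 'https://webview.example';

// Hypothetical keybinding table. The ctrl+shift+a chord is the one the
// article reports; its mapping here is a modelling assumption.
const KEYBINDINGS = {
  'ctrl+shift+p': 'workbench.action.showCommands',
  'ctrl+shift+a': 'workbench.extensions.installExtension',
  'ctrl+c': 'editor.action.clipboardCopyAction',
};

// Commands whose side effects cross a trust boundary (assumption for the model).
const PRIVILEGED = new Set(['workbench.extensions.installExtension']);

// Normalise a keydown payload to a chord string such as "ctrl+shift+a".
function chord(k) {
  const parts = [];
  if (k.ctrlKey) parts.push('ctrl');
  if (k.shiftKey) parts.push('shift');
  if (k.altKey) parts.push('alt');
  parts.push(String(k.key).toLowerCase());
  return parts.join('+');
}

// Vulnerable host: every forwarded keydown is resolved and executed as if
// the user pressed it. The MessageEvent origin is never consulted, so a
// script in the webview can drive any bound command.
function vulnerableHost(events) {
  const executed = [];
  for (const ev of events) {
    if (ev.data.type !== 'did-keydown') continue;
    const cmd = KEYBINDINGS[chord(ev.data)];
    if (cmd) executed.push(cmd);
  }
  return executed;
}

// Hardened host: keydowns are still accepted so editor shortcuts keep
// working while a webview has focus, but a privileged command reached from
// any origin other than the host's must pass a host-side gate. `confirm`
// stands in for a dialog rendered by the host, outside the webview's
// origin, which the webview's script cannot click for the user.
function hardenedHost(events, confirm) {
  const executed = [];
  const blocked = [];
  for (const ev of events) {
    if (ev.data.type !== 'did-keydown') continue;
    const cmd = KEYBINDINGS[chord(ev.data)];
    if (!cmd) continue;
    // In a real page this is the MessageEvent's origin, not a field the
    // sender controls inside the payload.
    const fromWebview = ev.origin !== HOST_ORIGIN;
    if (fromWebview && PRIVILEGED.has(cmd)) {
      if (confirm(cmd)) executed.push(cmd); else blocked.push(cmd);
      continue;
    }
    executed.push(cmd);
  }
  return { executed, blocked };
}

// Constructed inputs: what a webview script could post, and a genuine
// keystroke captured on the host page itself.
const ATTACKER_EVENTS = [
  { origin: WEBVIEW_ORIGIN, data: { type: 'did-keydown', key: 'a', ctrlKey: true, shiftKey: true } },
];
const USER_EVENTS = [
  { origin: HOST_ORIGIN, data: { type: 'did-keydown', key: 'c', ctrlKey: true } },
];

function demo() {
  const vuln = vulnerableHost(ATTACKER_EVENTS);
  const hard = hardenedHost(ATTACKER_EVENTS, () => false); // user declines
  const user = hardenedHost(USER_EVENTS, () => false);
  console.log('vulnerable host ran:', vuln);
  console.log('hardened host ran:', hard.executed, 'blocked:', hard.blocked);
  console.log('hardened host, genuine ctrl+c:', user.executed);
  return { vuln, hard, user };
}

demo();
```

The gate has to sit where the command is executed, not on the keybinding alone: if the webview can open the command palette with ctrl+shift+p and then type the command name and Enter, that path must hit the same `PRIVILEGED` check, which is the same shape as the confirmation dialog the article reports Microsoft added.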
Impact and Microsoft's Response
GitHub tokens provide read and write access to every repository the user can access, including private ones. The vulnerability affects users of github.dev and VSCode's web interface, potentially exposing sensitive code and organizational data.
Microsoft applied a stopgap fix on June 3, 2026, requiring confirmation dialogs before executing notebooks. However, the quick patch suggests the underlying architectural issue may require more comprehensive remediation. The vulnerability was tracked in the VSCode GitHub repository as a security issue involving webviews triggering arbitrary keyboard shortcuts.
Full Disclosure Controversy
Askar chose public disclosure rather than coordinated responsible disclosure, citing negative past experiences with Microsoft Security Response Center (MSRC). He stated that MSRC had not properly credited researchers or adequately acknowledged VSCode security issues in previous cases.
The disclosure gained 551 points and 81 comments on Hacker News, indicating significant concern within the developer community about the security implications for users of Microsoft's web-based development tools.
Key Takeaways
- A single-click attack can steal GitHub tokens by abusing the way VSCode's webviews can inject keyboard events into the editor
- The exploit requires no user confirmation beyond opening a malicious link; it simulates keyboard input to install an attacker-controlled extension
- Microsoft deployed a stopgap fix requiring notebook confirmation dialogs on June 3, 2026, one day after public disclosure
- The vulnerability affects github.dev users and provides attackers with read/write access to all accessible repositories, including private ones
- The researcher chose full public disclosure over responsible disclosure due to concerns about Microsoft's security response practices