Microsoft Patches Critical VS Code Vulnerability Allowing GitHub Token Theft

CryptoBriefing

Security researcher Ammar Askar disclosed a critical vulnerability in Visual Studio Code on June 2, 2026, revealing that attackers could steal GitHub OAuth tokens through a deceptively simple one-click attack. Microsoft shipped a stopgap fix the very next day, on June 3, a turnaround time that tells you everything about how seriously Redmond took this one.

The flaw targets GitHub.dev, the browser-based version of VS Code that millions of developers use to edit code directly in their browsers. An attacker exploiting this vulnerability could gain access to every repository tied to the victim’s compromised token, including private ones.

How the attack works

The vulnerability lives in VS Code’s webview system, the component responsible for rendering embedded web content inside the editor. Webviews communicate with the main VS Code process through a message-passing mechanism, and that’s where things get interesting.

The attack chain starts with a malicious link pointing to a GitHub.dev workspace. Inside that workspace sits a Jupyter notebook laced with harmful JavaScript. When a victim opens the link, the notebook’s code executes within the webview context.


From there, the malicious script simulates keyboard events to interact with VS Code’s interface programmatically. It leverages the trust model that GitHub.dev extends to workspace contents, effectively tricking the editor into treating the attacker’s code as legitimate user input.

The script then installs a malicious extension from the trusted workspace. That extension quietly exfiltrates the victim’s GitHub OAuth token without triggering any visible warning. The entire sequence requires nothing more than clicking a single link.
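The notebook vector described above is detectable on the defender's side: the `.ipynb` format records every output's MIME type, so a workspace can be scanned for notebooks whose cells would execute JavaScript when rendered. The scanner below is an added illustration for this article, not code from Askar's proof-of-concept or from Microsoft; the notebook JSON it scans is constructed for the demo.

```python
"""Flag Jupyter notebooks whose cells or outputs embed browser-executed script."""
import json
import re

# MIME types a notebook renderer executes as script when it displays an output.
SCRIPT_MIMES = {"application/javascript", "text/javascript"}
# Cell magics that turn a code cell's body into content the browser renders directly.
RISKY_MAGICS = re.compile(r"^\s*%%(javascript|js|html)\b", re.MULTILINE)
# Inline <script> tags or on*= event handlers inside HTML outputs.
SCRIPT_TAG = re.compile(r"<script\b|\bon\w+\s*=", re.IGNORECASE)


def _as_text(value):
    # nbformat stores source and output data either as one string or a list of lines.
    return "".join(value) if isinstance(value, list) else str(value)


def scan_notebook(nb):
    """Return a list of (cell_index, reason) for cells that embed JavaScript."""
    findings = []
    for idx, cell in enumerate(nb.get("cells", [])):
        if RISKY_MAGICS.search(_as_text(cell.get("source", ""))):
            findings.append((idx, "cell magic renders browser-executed content"))
        for out in cell.get("outputs", []):
            for mime, payload in out.get("data", {}).items():
                if mime in SCRIPT_MIMES:
                    findings.append((idx, f"output of type {mime}"))
                elif mime == "text/html" and SCRIPT_TAG.search(_as_text(payload)):
                    findings.append((idx, "text/html output contains script or event handler"))
    return findings


def scan_notebook_file(path):
    with open(path, encoding="utf-8") as fh:
        return scan_notebook(json.load(fh))


# Constructed sample: a benign cell, a cell with a JavaScript output, a cell using %%html.
SAMPLE_NOTEBOOK = {
    "nbformat": 4,
    "cells": [
        {"cell_type": "code", "source": "print('hello')",
         "outputs": [{"output_type": "stream", "text": "hello\n"}]},
        {"cell_type": "code", "source": ["x = 1\n"],
         "outputs": [{"output_type": "display_data",
                      "data": {"application/javascript": "/* constructed */ alert(1)"}}]},
        {"cell_type": "code", "source": "%%html\n<div onload=\"x()\">hi</div>", "outputs": []},
    ],
}

if __name__ == "__main__":
    for idx, reason in scan_notebook(SAMPLE_NOTEBOOK):
        print(f"cell {idx}: {reason}")
```

Run it over every `.ipynb` in a repository before opening the workspace in a browser-based editor; a hit is not proof of malice, only a cell that deserves a look.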

Askar released a full public proof-of-concept repository alongside the disclosure, giving security teams the information they need to understand and test for the vulnerability.

Microsoft’s response and the broader pattern

Microsoft’s June 3 patch introduced two key safeguards. First, it added a confirmation prompt when users attempt to open certain file types within GitHub.dev, breaking the seamless one-click chain that made the attack so effective. Second, it blocked potentially harmful extension commands that the exploit relied on to install malicious code silently.

The timing of this disclosure is notable. Just weeks earlier, on May 20, 2026, GitHub itself suffered a security breach when a poisoned VS Code extension compromised approximately 3,800 internal repositories.

What this means for developers and organizations

For individual developers, the immediate action is simple: ensure GitHub.dev sessions are updated with Microsoft’s latest patches. Rotate any OAuth tokens that may have been exposed, especially if you’ve clicked unfamiliar links to GitHub.dev workspaces in recent weeks. Review your installed extensions and remove anything you don’t actively use.

Security teams should audit which employees have access to GitHub.dev and whether their OAuth tokens carry broader permissions than necessary. The principle of least privilege, giving tokens only the minimum access required, would have limited the damage from this specific attack significantly.
