Researcher Drops a New VS Code Zero-Day After Losing Trust in Microsoft’s Disclosure Process
A security researcher publicly disclosed a critical zero-day vulnerability in Visual Studio Code's browser-based editor github. dev after losing trust in Microsoft's security response process. The vulnerability allows an attacker to steal OAuth tokens with broad repository access by exploiting how github. dev receives tokens from github. com without repo-specific scoping. An attacker who can modify a repository's . vscode/extensions. json can recommend a malicious extension that installs automatically when the victim opens the repo in github. dev, bypassing user approval via a hidden Jupyter Notebook trigger. This enables silent installation of malicious extensions capable of stealing tokens and accessing private repositories.
AI Analysis
Technical Summary
The disclosed zero-day affects github.dev, the browser-based VS Code editor launched from GitHub repositories. When github.com hands an OAuth token to github.dev, the token is not limited to the specific repository but grants access to all repositories the user can access, including private ones. An attacker able to modify the .vscode/extensions.json file in a repository can recommend a malicious VS Code extension. Opening the repository in github.dev triggers automatic installation of this extension without user consent by exploiting a hidden HTML payload in a Jupyter Notebook that simulates the approval keyboard shortcut. This malicious extension can then steal OAuth tokens, granting attackers broad access to the victim's repositories. The researcher publicly released a proof-of-concept exploit immediately, citing distrust in Microsoft's security response and disclosure process. There is no indication of a coordinated fix or patch from Microsoft at this time.
Potential Impact
An attacker exploiting this vulnerability can silently install malicious VS Code extensions in the victim's browser-based editor session, enabling theft of OAuth tokens with full read/write access to all repositories the victim can access, including private repositories. This could lead to unauthorized code access, modification, and potential compromise of sensitive intellectual property or deployment pipelines. The vulnerability bypasses normal extension installation prompts, increasing the risk of unnoticed exploitation. No known exploits in the wild are reported yet.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should exercise caution when opening repositories in github.dev, especially those from untrusted sources or with modified .vscode/extensions.json files. Avoid clicking suspicious github.dev links and monitor for updates from Microsoft regarding this vulnerability. The researcher’s public disclosure indicates no coordinated fix or official acknowledgment has been provided yet.
Researcher Drops a New VS Code Zero-Day After Losing Trust in Microsoft’s Disclosure Process
Description
A security researcher publicly disclosed a critical zero-day vulnerability in Visual Studio Code's browser-based editor github. dev after losing trust in Microsoft's security response process. The vulnerability allows an attacker to steal OAuth tokens with broad repository access by exploiting how github. dev receives tokens from github. com without repo-specific scoping. An attacker who can modify a repository's . vscode/extensions. json can recommend a malicious extension that installs automatically when the victim opens the repo in github. dev, bypassing user approval via a hidden Jupyter Notebook trigger. This enables silent installation of malicious extensions capable of stealing tokens and accessing private repositories.
Reddit Discussion
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The disclosed zero-day affects github.dev, the browser-based VS Code editor launched from GitHub repositories. When github.com hands an OAuth token to github.dev, the token is not limited to the specific repository but grants access to all repositories the user can access, including private ones. An attacker able to modify the .vscode/extensions.json file in a repository can recommend a malicious VS Code extension. Opening the repository in github.dev triggers automatic installation of this extension without user consent by exploiting a hidden HTML payload in a Jupyter Notebook that simulates the approval keyboard shortcut. This malicious extension can then steal OAuth tokens, granting attackers broad access to the victim's repositories. The researcher publicly released a proof-of-concept exploit immediately, citing distrust in Microsoft's security response and disclosure process. There is no indication of a coordinated fix or patch from Microsoft at this time.
Potential Impact
An attacker exploiting this vulnerability can silently install malicious VS Code extensions in the victim's browser-based editor session, enabling theft of OAuth tokens with full read/write access to all repositories the victim can access, including private repositories. This could lead to unauthorized code access, modification, and potential compromise of sensitive intellectual property or deployment pipelines. The vulnerability bypasses normal extension installation prompts, increasing the risk of unnoticed exploitation. No known exploits in the wild are reported yet.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should exercise caution when opening repositories in github.dev, especially those from untrusted sources or with modified .vscode/extensions.json files. Avoid clicking suspicious github.dev links and monitor for updates from Microsoft regarding this vulnerability. The researcher’s public disclosure indicates no coordinated fix or official acknowledgment has been provided yet.
Technical Details
- Source Type
- Subreddit
- cybersecurity
- Reddit Score
- 0
- Discussion Level
- minimal
- Content Source
- reddit_link_post
- Post Type
- link
- Domain
- null
- Newsworthiness Assessment
- {"score":35,"reasons":["external_link","newsworthy_keywords:zero-day","non_newsworthy_keywords:vs","urgent_news_indicators","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":["zero-day"],"foundNonNewsworthy":["vs"]}
- Has External Source
- true
- Trusted Domain
- false
Threat ID: 6a2150f2e29bf47b509364e8
Added to database: 6/4/2026, 10:18:26 AM
Last enriched: 6/4/2026, 10:18:36 AM
Last updated: 6/4/2026, 11:26:50 AM
Views: 10
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.