VS Code Vulnerability Allows One-Click GitHub Token Theft
A researcher has disclosed the full details of the vulnerability and released a PoC without notifying Microsoft in advance. The post "VS Code Vulnerability Allows One-Click GitHub Token Theft" appeared first on SecurityWeek.
AI Analysis
Technical Summary
The vulnerability affects Microsoft’s VS Code, specifically the github.dev web-based editor, enabling an attacker to steal GitHub tokens through a crafted Jupyter notebook. The notebook contains hidden code that simulates keystrokes to install a malicious extension silently. This extension exfiltrates the victim’s GitHub access token, granting the attacker full repository access. The attack triggers upon the victim opening the malicious notebook link, with minimal user interaction required on github.dev. Microsoft patched the web-based version promptly after disclosure, but the desktop VS Code remains vulnerable and unpatched. The vulnerability also poses a risk of remote code execution on the desktop client. The disclosure was made without prior vendor notification, and no active exploitation has been confirmed.
Potential Impact
Successful exploitation results in theft of the victim’s GitHub access token, allowing the attacker full read and write access to all repositories the victim can access, including private repositories. This compromises the confidentiality and integrity of the victim’s code repositories. Additionally, the desktop VS Code vulnerability can lead to remote code execution on the victim’s device, increasing the severity of potential impact. No confirmed active exploitation in the wild has been reported at this time.
Mitigation Recommendations
Microsoft has released an official patch for the github.dev web-based VS Code editor as of June 3, 2026, which mitigates the vulnerability in that environment. Users of github.dev should ensure they are using the updated version. The desktop VS Code version remains unpatched; users should exercise caution when opening untrusted Jupyter notebooks or links and monitor official Microsoft advisories for updates. Since the vendor advisory is limited, patch status for the desktop client is not yet confirmed. Users should avoid interacting with suspicious notebooks and links until a fix is available.
Technical Details
- Article Source: https://www.securityweek.com/vs-code-vulnerability-allows-one-click-github-token-theft/ (fetched 2026-06-04T08:18:39.105Z; word count 1183)
Threat ID: 6a2134dfe29bf47b507fba67
Added to database: 6/4/2026, 8:18:39 AM
Last enriched: 6/4/2026, 8:18:46 AM
Last updated: 6/5/2026, 5:06:11 AM