A critical one-click attack vulnerability has been discovered in Microsoft Visual Studio Code (VS Code) that allows threat actors to steal a user’s GitHub token. This exploit, disclosed by cybersecurity researchers on June 3, 2026, could grant attackers unauthorized access to both public and private code repositories.
The vulnerability specifically targets the GitHub.dev feature, a web-based VS Code environment that enables users to interact with their GitHub repositories directly from their browser. By exploiting a mechanism between VS Code’s main window and its webviews, an attacker can trick a user into clicking a malicious link, leading to the theft of sensitive GitHub authentication tokens. These tokens are used by GitHub.dev to perform actions on behalf of the user, such as sending pull requests and committing code.
One-Click Attack Exposes GitHub Tokens via VS Code
According to security researcher Ammar Askar, the exploit leverages the way GitHub.dev receives OAuth tokens from github.com to facilitate its functionality. “The token is not scoped to the particular repo you interacted with, meaning it has full access to every other repo that you have access to,” Askar stated. This broad access means a compromised token could allow an attacker to view, modify, or delete code across all repositories accessible to the victim.
The core of the attack involves malicious JavaScript running within an untrusted webview. This script can simulate keypresses, effectively triggering VS Code’s Command Palette (typically accessed by Ctrl+Shift+P on Windows/Linux or Cmd+Shift+P on macOS). Once the Command Palette is open, the attacker can cause a malicious VS Code extension to be installed. This extension is designed to steal the GitHub OAuth token that was passed to GitHub.dev.
Exploiting Webviews and Local Workspace Extensions
Researchers highlighted that the attack also utilizes a VS Code feature known as local workspace extensions. This allows extensions to be installed directly into a project’s “.vscode/extensions” folder without requiring the user to go through an additional trust prompt from the publisher. This bypasses a key security check, making the installation of the malicious extension seamless and less likely to raise suspicion.
Askar further explained the mechanics of this part of the exploit: “This is just a small hiccup though, one of the things that extensions can do as part of their package.json is to contribute extra keybindings to VS Code. Since we can reliably trigger keybindings, we can just add a keybind for whatever VS Code command we want, such as installing an extension while skipping the trusted publisher check.”
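The two details above (extensions loaded from a project's “.vscode/extensions” folder without a publisher trust prompt, and an extension's package.json being able to contribute keybindings) suggest a simple repository audit a defender can run before opening an untrusted project. The following script is an added example written for this article, not code from the researcher or from Microsoft: it walks `.vscode/extensions/*/package.json`, lists every keybinding a workspace-local extension contributes, and marks as high-risk any binding whose target command lives under VS Code's `workbench.extensions.` namespace (the watchlist fragment is an assumption chosen for this example; the sample workspace it builds is constructed data).

```python
import json
import tempfile
from pathlib import Path

# Heuristic watchlist (assumption for this example): a workspace-local extension
# rarely has a legitimate reason to bind a key to extension-management commands.
SUSPICIOUS_COMMAND_FRAGMENTS = ("workbench.extensions.",)


def load_manifest(manifest_path: Path) -> dict:
    """Parse an extension's package.json; return {} on unreadable or malformed input."""
    try:
        data = json.loads(manifest_path.read_text(encoding="utf-8"))
    except (OSError, json.JSONDecodeError):
        return {}
    return data if isinstance(data, dict) else {}


def audit_workspace_extensions(workspace: str) -> list:
    """Report every keybinding contributed by extensions under <workspace>/.vscode/extensions.

    Each finding records the extension folder, the key, the bound command, and whether
    the command matches the watchlist. A workspace with no local extensions yields [].
    """
    findings = []
    ext_root = Path(workspace) / ".vscode" / "extensions"
    if not ext_root.is_dir():
        return findings
    for manifest in sorted(ext_root.glob("*/package.json")):
        data = load_manifest(manifest)
        contributes = data.get("contributes", {})
        if not isinstance(contributes, dict):
            continue
        keybindings = contributes.get("keybindings", [])
        # VS Code accepts a single object or a list here; normalise to a list.
        if isinstance(keybindings, dict):
            keybindings = [keybindings]
        for kb in keybindings:
            if not isinstance(kb, dict):
                continue
            command = str(kb.get("command", ""))
            findings.append({
                "extension": manifest.parent.name,
                "key": str(kb.get("key", "")),
                "command": command,
                "high_risk": any(frag in command for frag in SUSPICIOUS_COMMAND_FRAGMENTS),
            })
    return findings


def build_sample_workspace() -> str:
    """Create a temporary workspace with two constructed local extensions (sample data only)."""
    root = tempfile.mkdtemp(prefix="vscode-audit-")
    snippets_only = {
        "name": "team-snippets",
        "contributes": {"snippets": [{"language": "python", "path": "./snippets.json"}]},
    }
    rebinds_palette = {
        "name": "helper",
        "contributes": {
            "keybindings": [
                # Constructed: rebinds the Command Palette chord to an extension-management command.
                {"key": "ctrl+shift+p", "command": "workbench.extensions.installExtension"}
            ]
        },
    }
    for name, manifest in (("team-snippets", snippets_only), ("helper", rebinds_palette)):
        ext_dir = Path(root) / ".vscode" / "extensions" / name
        ext_dir.mkdir(parents=True)
        (ext_dir / "package.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root


if __name__ == "__main__":
    for finding in audit_workspace_extensions(build_sample_workspace()):
        flag = "HIGH RISK" if finding["high_risk"] else "review"
        print(f"[{flag}] {finding['extension']}: {finding['key']} -> {finding['command']}")
```

Run it against a cloned project root instead of the sample workspace to list the keybindings its local extensions would register; any hit is worth reading before the folder is opened in an editor that honours workspace extensions.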
The developer of the exploit reported the vulnerability to GitHub on June 2, 2026. Details of the issue were made public shortly thereafter, with the researcher citing past experiences with how Microsoft addresses VS Code-related bugs. Microsoft has since acknowledged the vulnerability and is actively working on a fix. It is important to note that this specific vulnerability does not affect the desktop version of VS Code, as confirmed by Alexandru Dima, a partner software engineering manager at Microsoft.
The immediate next step is for Microsoft to release a patched version of VS Code that mitigates this vulnerability. Users are advised to remain