VS Code Zero-Day Exposes GitHub OAuth Tokens; No Patch Available

Researcher Ammar Askar publicly disclosed a VS Code zero-day that lets malicious extensions steal GitHub OAuth tokens, granting full repository access.

Security researcher Ammar Askar disclosed a zero-day vulnerability in Visual Studio Code’s webview message-passing system on June 3, 2026. The flaw allows a malicious extension to steal a user’s GitHub OAuth token in a single click, granting the attacker access to every repository the victim can reach, with no scope restrictions and no patch available.

How a Malicious VS Code Extension Steals Full GitHub Repository Access

The attack targets github.dev, the browser-hosted version of Visual Studio Code. A malicious extension intercepts GitHub OAuth token traffic by exploiting VS Code’s webview IPC mechanism, the channel through which browser-rendered webview content communicates with the VS Code host process.

The Scope Problem: One Token, Every Repository

Askar emphasized the breadth of the exposure: “The token is not scoped to the particular repo you interacted with, meaning it has full access to every other repo that you have access to.” A victim who installs a malicious extension and clicks a single crafted element can unknowingly hand attackers authenticated access to every private and public repository in their GitHub account.

Unlike a compromised deploy key or a limited personal access token, a stolen GitHub OAuth token carries the full permissions of the user’s account: source code, CI/CD pipelines, branch protection configurations, secrets stored in Actions, and team membership data.

Why Askar Published Without a Coordinated Patch

No CVE has been assigned, and no software fix is available. Askar notified GitHub only one hour before public disclosure, a departure from standard responsible disclosure timelines, which typically allow 90 days for vendor remediation.

Disclosure Controversy Rooted in Prior Microsoft Response History

The abbreviated notification window reflects a documented grievance: Askar cited past negative experiences with Microsoft’s vulnerability response process, including instances where reported VS Code bugs were quietly fixed without researcher acknowledgment or credit. When researchers conclude that coordinated disclosure produces no public benefit for them, public-first disclosure becomes the rational choice.

The disclosure triggered industry-wide coverage of broader friction between security researchers and Microsoft. SecurityWeek and The Register reported that researchers across the community had raised fears of legal threats following zero-day disclosures, a separate but parallel tension in the same ecosystem. Microsoft subsequently issued a public statement attempting to address those legal-threat fears, reaching for what The Register described as an “olive branch.”

No Patch, One Partial Mitigation

Users can partially reduce exposure by clearing cookies and local site data for github.dev in their browser; this forces a new sign-in flow that may surface anomalous authentication attempts. The underlying vulnerability remains exploitable, and the partial mitigation does not constitute a fix.

The complete absence of a patch means all github.dev users who install extensions are currently at risk. The VS Code extension marketplace includes thousands of community-developed packages, and the attack requires no special permissions beyond what a standard extension already holds.

Industry Context: The Responsible Disclosure Model Under Pressure

The VS Code disclosure lands alongside Microsoft’s broader effort to repair its relationship with the independent security research community. The “olive branch” language in coverage of the legal-threat concerns reflects an acknowledgment that the current dynamic, in which researchers fear retaliation for disclosures, produces worse security outcomes than the alternative. When disclosure channels are adversarial, vulnerabilities go unreported or go public without patches.

The zero-day in VS Code’s webview IPC system is not an exotic technique. It exploits a fundamental design characteristic of how webview content communicates with the host editor, a surface that exists across every VS Code-based tool and derivative product. Until Microsoft issues guidance or a patch, organizations managing sensitive codebases should audit which VS Code extensions are installed and active across developer workstations.
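The extension audit recommended above can be started with a local inventory. The Python script below is an added example for this article, not code from the article, from Microsoft or from the VS Code project. It assumes the desktop VS Code layout, in which every installed extension lives under ~/.vscode/extensions/<publisher>.<name>-<version>/ with a package.json manifest; the allowlist and the two sample extensions that build_sample_root() writes to a temporary directory are constructed for the demonstration. Each extension is compared against an allowlist of approved identifiers and, as a heuristic, its bundled JavaScript is scanned for the extension-API calls that create a webview or receive messages from one, so that reviewers can prioritise extensions that actually use the surface the article discusses.

```python
"""Inventory installed VS Code extensions and flag the ones worth a closer look.

Added example for the audit recommended in the article; not code from the
article, from Microsoft or from the VS Code project. Assumptions: desktop
VS Code keeps each extension under ~/.vscode/extensions/<publisher>.<name>-<version>/
with a package.json manifest; the allowlist and the sample extensions written
by build_sample_root() are constructed for this demonstration.
"""
from __future__ import annotations

import json
import tempfile
from pathlib import Path

DEFAULT_ROOT = Path.home() / ".vscode" / "extensions"

# Calls from the VS Code extension API that create a webview or receive
# messages from one. Their presence does not make an extension malicious;
# it marks the extension as one that uses the webview message-passing surface.
WEBVIEW_MARKERS = ("createWebviewPanel", "createWebviewView", "onDidReceiveMessage")


def read_manifest(ext_dir: Path) -> dict | None:
    """Return the parsed package.json of one extension folder, or None if unreadable."""
    manifest = ext_dir / "package.json"
    try:
        return json.loads(manifest.read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return None


def uses_webview_api(ext_dir: Path) -> bool:
    """Heuristic: does any bundled JavaScript file reference the webview API?"""
    for js in ext_dir.rglob("*.js"):
        try:
            text = js.read_text(encoding="utf-8", errors="ignore")
        except OSError:
            continue
        if any(marker in text for marker in WEBVIEW_MARKERS):
            return True
    return False


def inventory(root: Path, allowlist: set[str]) -> list[dict]:
    """List every extension under root with its allowlist status and webview usage."""
    rows = []
    for ext_dir in sorted(p for p in root.iterdir() if p.is_dir()):
        data = read_manifest(ext_dir)
        if data is None:
            continue
        # VS Code identifies an extension as publisher.name, case-insensitively.
        ext_id = f"{data.get('publisher', '?')}.{data.get('name', '?')}".lower()
        rows.append({
            "id": ext_id,
            "version": data.get("version", "?"),
            "allowed": ext_id in allowlist,
            "webview": uses_webview_api(ext_dir),
        })
    return rows


def build_sample_root(base: Path) -> Path:
    """Write two constructed extensions under base/extensions (demo data only)."""
    root = base / "extensions"
    samples = {
        "contoso-ci.dashboard-1.2.0": (
            {"publisher": "contoso-ci", "name": "dashboard", "version": "1.2.0"},
            "const panel = vscode.window.createWebviewPanel('d', 'D', 1);\n",
        ),
        "example-pub.linter-0.9.1": (
            {"publisher": "example-pub", "name": "linter", "version": "0.9.1"},
            "module.exports = { activate() {} };\n",
        ),
    }
    for folder, (manifest, js_source) in samples.items():
        dist = root / folder / "dist"
        dist.mkdir(parents=True)
        (root / folder / "package.json").write_text(json.dumps(manifest), encoding="utf-8")
        (dist / "extension.js").write_text(js_source, encoding="utf-8")
    return root


def demo() -> list[dict]:
    """Run the inventory over the constructed sample with a one-entry allowlist."""
    root = build_sample_root(Path(tempfile.mkdtemp()))
    return inventory(root, allowlist={"example-pub.linter"})


def report(rows: list[dict]) -> str:
    """Render rows as text; unapproved or webview-using extensions are marked REVIEW."""
    lines = []
    for r in rows:
        flag = "REVIEW" if (not r["allowed"] or r["webview"]) else "ok"
        lines.append(f"{flag:6} {r['id']}@{r['version']} allowed={r['allowed']} webview={r['webview']}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Against a real workstation, call inventory(DEFAULT_ROOT, your_allowlist) instead of demo().
    print(report(demo()))
```

On a real workstation, `code --list-extensions --show-versions` prints the same publisher.name identifiers quickly; the script adds the allowlist comparison and the webview heuristic, and its row output can be collected from many machines into one list for review. The heuristic only says where to look first: an extension that opens a webview is not malicious for that reason, and one that does not may still warrant review if it is not on the approved list.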
