A security researcher has publicly released proof-of-concept exploit code targeting a zero-day vulnerability in Visual Studio Code that enables attackers to silently steal GitHub authentication tokens — requiring only that the target clicks a single specially crafted link.
The disclosure raises immediate concerns for the tens of millions of developers who rely on VS Code's integrated GitHub authentication for daily workflows.
How the Attack Works
The zero-day exploits VS Code's URI handling and its deep integration with GitHub's OAuth token flow. When a user clicks a malicious link — which could be delivered via email, chat platforms, a GitHub issue, or a compromised webpage — the exploit triggers VS Code to initiate a token exchange that routes the resulting authentication token to an attacker-controlled endpoint instead of the legitimate GitHub service.
Because the entire flow mimics a legitimate VS Code-to-GitHub authentication handshake, most users and endpoint security tools have no way to distinguish the attack from normal behavior.
Attack Flow
- Victim receives a link crafted with a malicious vscode:// or vscode-insiders:// URI
- VS Code auto-handles the URI scheme and initiates a GitHub authentication callback
- Token is silently exfiltrated to the attacker's server before any user prompt appears
- Attacker gains persistent access to the victim's GitHub account using the stolen token
The researcher who discovered the flaw describes it as a "one-click, zero-interaction theft" — the victim sees nothing unusual and receives no warning dialogs.
Scope and Impact
A stolen GitHub personal access token (PAT) or OAuth token grants an attacker:
- Full read/write access to all repositories the victim has access to
- Ability to push malicious code to open source projects, corporate codebases, or personal repositories
- Access to GitHub Actions workflows, enabling supply chain attacks
- Organization-level access if the victim belongs to GitHub organizations
Given VS Code's dominance among developers — with over 70% market share in IDE usage surveys — the potential blast radius is enormous. Supply chain attacks originating from stolen developer tokens have become one of the most consequential threat vectors in 2026.
Researcher Disclosure
The researcher released a full proof-of-concept alongside the disclosure, citing Microsoft's slow response to their private report. The PoC is now publicly available, meaning threat actors have immediate access to working exploit code.
As of publication, no patch is available. Microsoft has acknowledged the report and confirmed the issue is under investigation.
Mitigation Steps
Until Microsoft releases a patch, developers can take the following steps to reduce exposure:
- Revoke existing GitHub tokens associated with VS Code under GitHub Settings → Developer Settings → Personal access tokens
- Disable VS Code URI handling in system settings where possible
- Be suspicious of any link that would launch or interact with VS Code, especially in GitHub issues, emails, or chat messages
- Monitor GitHub audit logs for unexpected token creations or repository access from unfamiliar IP addresses
- Use fine-grained tokens with minimal permissions rather than classic broad-scope tokens
- Enable GitHub's token expiry settings to limit the window of token abuse
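The audit-log monitoring step above is the one that can be automated. The following is an added example, not code from the article or from GitHub, that scans a newline-delimited JSON audit-log export for credential-issuance events and for activity from IP addresses outside an allowlist of known egress ranges. The sample log lines, the allowlist, and the action names are constructed for illustration; the field names (action, actor, actor_ip, repo, @timestamp in milliseconds) are assumptions about the export format and should be checked against a real export before use.

```python
import ipaddress
import json
from datetime import datetime, timezone

# Constructed sample of a GitHub audit-log export (newline-delimited JSON).
# Field names are assumptions about the export format; adjust them to match
# the fields your own export actually contains.
SAMPLE_AUDIT_LOG = """\
{"@timestamp": 1718000000000, "action": "oauth_authorization.create", "actor": "alice", "actor_ip": "203.0.113.10"}
{"@timestamp": 1718000300000, "action": "repo.access", "actor": "alice", "actor_ip": "10.0.0.5", "repo": "acme/payments"}
{"@timestamp": 1718000600000, "action": "git.clone", "actor": "alice", "actor_ip": "198.51.100.77", "repo": "acme/payments"}
{"@timestamp": 1718000900000, "action": "personal_access_token.create", "actor": "alice", "actor_ip": "198.51.100.77"}
{"@timestamp": 1718001200000, "action": "git.push", "actor": "bob", "actor_ip": "10.0.0.9", "repo": "acme/website"}
"""

# Egress ranges the organisation recognises (constructed). Anything outside is "unfamiliar".
KNOWN_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("203.0.113.0/24"),
]

# Actions that mint or authorise a credential (constructed names). Every one of
# these deserves review while the issue is unpatched, whatever IP it came from.
TOKEN_ACTIONS = {"oauth_authorization.create", "personal_access_token.create"}


def parse_audit_log(text):
    """Parse newline-delimited JSON, skipping blank lines and malformed entries."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a truncated export line must not abort the whole scan
    return events


def is_familiar_ip(ip_text, known_networks=KNOWN_NETWORKS):
    """True if the address parses and falls inside one of the known ranges."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # a missing or garbage IP is treated as unfamiliar
    return any(addr in net for net in known_networks)


def find_suspicious_events(events, known_networks=KNOWN_NETWORKS):
    """Return (event, reasons) pairs for token issuance and unfamiliar-IP activity."""
    findings = []
    for ev in events:
        reasons = []
        if ev.get("action") in TOKEN_ACTIONS:
            reasons.append("credential issued: " + ev["action"])
        if not is_familiar_ip(ev.get("actor_ip", ""), known_networks):
            reasons.append("activity from unfamiliar IP " + str(ev.get("actor_ip")))
        if reasons:
            findings.append((ev, reasons))
    return findings


def format_finding(ev, reasons):
    """One human-readable line per finding; the timestamp field is epoch milliseconds."""
    ts = datetime.fromtimestamp(ev.get("@timestamp", 0) / 1000, tz=timezone.utc)
    return (
        f"{ts.isoformat()} actor={ev.get('actor')} action={ev.get('action')} "
        f"repo={ev.get('repo', '-')}: " + "; ".join(reasons)
    )


if __name__ == "__main__":
    for ev, reasons in find_suspicious_events(parse_audit_log(SAMPLE_AUDIT_LOG)):
        print(format_finding(ev, reasons))
```

On the constructed sample the scan reports three events: the OAuth authorization (flagged purely because a credential was issued), a clone from an address outside the allowlist, and a token creation that is flagged for both reasons. Feeding a real export through the same two checks gives a quick triage list; the allowlist and action names are the parts to tune for your environment.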
# Show the token the gh CLI currently holds, and the app installations it can reach
gh auth token
gh api user/installations
# Revoke VS Code's OAuth authorizations in the GitHub web settings
# Settings → Applications → Authorized OAuth Apps → Revoke
Broader Implications
This zero-day follows a string of developer tool compromises in 2026, including the Trivy supply chain attack, the Axios npm package hijack, and the Grafana GitHub token breach — all of which leveraged stolen developer credentials to pivot into broader infrastructure. The pattern underscores that developer workstations and tooling are now high-value targets in the modern threat landscape.
The security community is urging Microsoft to treat developer toolchain security with the same urgency as enterprise endpoint security, given the outsized impact that compromising a single developer's environment can have on downstream software supply chains.
Patch status: Under investigation by Microsoft. Check the VS Code release notes for updates.