Cybersecurity News Kinetic Potential

VS Code Configs Expose GitHub Codespaces to Attacks

Thu, 02/05/2026 - 09:47 / 0 Comments

The automatic execution of VS Code-integrated configuration files when opening a repository or pull request in GitHub Codespaces could lead to supply chain attacks, Orca Security reports.

A cloud-hosted developer environment, Codespaces allows users to create a fully configured Visual Studio Code instance almost instantly, providing them with tight repository integration and container support.

It allows developers to test code, review pull requests, and more, but also exposes them to attacks via repository-defined configuration files, Orca says.

“Codespaces is essentially VS Code running in the cloud, backed by Ubuntu containers, with built-in GitHub authentication and repository integration. This means any VS Code feature that touches execution, secrets, or extensions can potentially be abused when attackers control the repository content,” the cybersecurity firm notes.

The issue, it explains, is that Codespaces automatically respects all VS Code configurations when the user opens a repository or pull request, and even when they check a pull request from an existing Codespace environment.

An attacker could include malicious commands in a JSON file in the .vscode/ folder and abuse the automation for their execution without user approval when an arbitrary folder is opened, Orca says.

Furthermore, the attacker can target Linux systems by embedding variables for the integrated terminal in another JSON file, which would result in the payload’s execution via bash.

According to the cybersecurity firm, an attacker could also use the devcontainer.json file to embed arbitrary commands that would be executed after the container is initialized on a machine.

These attack vectors, Orca says, could lead to the exfiltration of GitHub tokens, Codespaces secrets, and other secrets.

The GitHub token, the security firm notes, allows read and write operations in the context of the victim user, but can also be abused to introduce malicious pull requests to public repositories.

Orca also explains that the GitHub Codespaces RCE vector could be abused in supply chain attacks by forking public repositories, creating a malicious pull request that, when opened by a maintainer via Codespaces, leaks the maintainer’s GitHub token.

The attacker could then push code as a verified maintainer, Orca explains.

Furthermore, the security firm says, an attacker could create a malicious VS Code extension to mount an XSS attack and access local services via the ‘0.0.0.0 Day’ vulnerability disclosed in August 2024.

Furthermore, “adversaries can use the exfiltrated GitHub token with hidden, undocumented APIs that will allow them to prompt paid, premium AI-models on behalf of the victim,” Orca says.

The cybersecurity firm says it has reported the findings to Microsoft, which said the behavior is intentional.

This article was published by Security Week. Please check their website for the original content.

Add new comment

About text formats

Plain text

  • No HTML tags allowed.
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.
CAPTCHA This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
4 + 1 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.

Share The Story


Stay informed - subscribe to our newsletter.
The subscriber's email address.

Recent Posts