Skip to main content

GitHub CLI CVE-2026-59831

MEDIUM
Inclusion of Functionality from Untrusted Control Sphere (CWE-829)
2026-07-09 GitHub_M
4.4
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
4.4 MEDIUM
AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
vuln.today AI
4.4 MEDIUM

Requires authenticated GitHub user (PR:L) to actively connect to a malicious Codespace (AC:H, UI:R); scope changes as VS Code handles the injected URI on the local machine (S:C).

3.1 AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
4.0 AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jul 09, 2026 - 23:34 vuln.today

DescriptionCVE.org

GitHub CLI (gh) is GitHub’s official command line tool. From 2.10.0 through 2.95.0, connecting to a malicious Codespace with gh codespace jupyter can allow command execution because the command opens a JupyterLab URL supplied by a process inside the Codespace without validating that it is a loopback HTTP or HTTPS address, allowing a crafted vscode:// or vscode-insiders:// URL to be handed to VS Code. This issue is fixed in version 2.96.0.

AnalysisAI

Command execution via URI injection in GitHub CLI's gh codespace jupyter subcommand (versions 2.10.0-2.95.0) allows an attacker who controls a Codespace to redirect a connecting developer's VS Code instance into executing arbitrary protocol handler actions. The CLI passes a JupyterLab URL sourced from a process inside the Codespace directly to the OS without validating that the URL is a loopback HTTP or HTTPS address, enabling substitution with a crafted vscode:// or vscode-insiders:// URI. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Attacker creates or compromises GitHub Codespace
Delivery
Victim authenticates and runs gh codespace jupyter
Exploit
Codespace process returns crafted vscode:// URI instead of loopback URL
Execution
CLI dispatches URI to OS without validation
Persist
OS invokes VS Code protocol handler
Impact
VS Code executes attacker-controlled command on developer machine

Vulnerability AssessmentAI

Exploitation The victim must be an authenticated GitHub user (PR:L) and must actively run `gh codespace jupyter` targeting an attacker-controlled or compromised Codespace - passive exploitation is not possible (UI:R). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS base score of 4.4 (Medium) with vector CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N accurately captures the constrained but real threat. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker creates a public or shared GitHub Codespace and configures a background process to intercept or replace the JupyterLab startup URL with a crafted `vscode://ms-vscode-remote.remote-containers/cloneInVolume?url=attacker-server` URI. When a developer runs `gh codespace jupyter` to work in that Codespace, the CLI receives the spoofed URI and dispatches it to the OS without validation, causing VS Code to process the protocol handler and potentially clone a malicious repository or invoke a VS Code extension command on the developer's local machine. …
Remediation Upgrade GitHub CLI to version 2.96.0 or later, which introduces loopback URL validation before dispatching JupyterLab URLs to the OS. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-59831 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy