VSCode webview flaw leaks GitHub tokens via keypress simulation
Untrusted webview scripts can forge keyboard events to trigger VSCode commands and install malicious extensions, exfiltrating unscoped GitHub OAuth tokens with read-write repo access.
June 5, 2026
Summary
Any markdown preview, notebook, or third-party webview content in VSCode can silently steal credentials that grant full access to your repositories. This breaks the assumed isolation model developers rely on when rendering untrusted content.
Implementation verdict
Affects VSCode desktop and browser-based instances such as github.dev. Mitigations: disable workspace extension recommendations and vet the contents of .vscode/extensions.json before trusting a repository. Update VSCode as soon as patches land; do not assume webview sandboxing prevents privilege escalation to the main editor scope.
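As an added example of the vetting step above (not code from the brief or from VSCode itself): a small Python audit that parses a workspace `.vscode/extensions.json`, which VSCode reads as JSON with comments and trailing commas, and reports any recommended extension ID that is not on a hypothetical organisation allowlist. The sample file and the allowlist are constructed for the example.

```python
import json
import re

# Constructed sample: a workspace .vscode/extensions.json in the JSONC form
# VSCode accepts (comments, trailing comma). One recommendation is not vetted.
SAMPLE_EXTENSIONS_JSON = """{
  // See https://code.visualstudio.com/docs/editor/extension-marketplace
  "recommendations": [
    "dbaeumer.vscode-eslint",
    "esbenp.prettier-vscode",
    "example-publisher.unvetted-helper", /* not on the allowlist */
  ],
  "unwantedRecommendations": []
}
"""

# Hypothetical allowlist maintained by the security team (assumption).
ALLOWED_EXTENSIONS = {"dbaeumer.vscode-eslint", "esbenp.prettier-vscode", "ms-python.python"}


def strip_jsonc(text: str) -> str:
    """Remove // and /* */ comments and trailing commas, tracking string
    literals so a '//' inside a quoted value (e.g. a URL) is left intact."""
    out, i, n, in_str = [], 0, len(text), False
    while i < n:
        c = text[i]
        if in_str:
            out.append(c)
            if c == "\\" and i + 1 < n:      # keep escaped char verbatim
                out.append(text[i + 1]); i += 1
            elif c == '"':
                in_str = False
        elif c == '"':
            in_str = True; out.append(c)
        elif text.startswith("//", i):       # line comment: skip to newline
            i = text.find("\n", i)
            if i < 0: break
            continue
        elif text.startswith("/*", i):       # block comment: skip to */
            end = text.find("*/", i + 2)
            i = n if end < 0 else end + 2
            continue
        else:
            out.append(c)
        i += 1
    # Drop trailing commas before ] or } (tolerated by VSCode, not by json).
    return re.sub(r",(\s*[\]}])", r"\1", "".join(out))


def audit_recommendations(jsonc_text: str, allowlist: set[str]) -> list[str]:
    """Return recommended extension IDs absent from the allowlist (IDs are
    case-insensitive in VSCode, so compare lower-cased)."""
    allowed = {a.lower() for a in allowlist}
    recs = json.loads(strip_jsonc(jsonc_text)).get("recommendations", [])
    return [ext for ext in recs if ext.lower() not in allowed]


if __name__ == "__main__":
    for ext in audit_recommendations(SAMPLE_EXTENSIONS_JSON, ALLOWED_EXTENSIONS):
        print(f"NOT ALLOWLISTED: {ext}")
```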
Sources
1. "there's nothing preventing our script running in the untrusted web view from pretending like it's the user and pressing a bunch of keys on their behalf"
2. "The token is not scoped to the particular repo you interacted with, meaning it has full access to every other repo that you have access to"
3. `contentWindow.addEventListener('keydown', handleInnerKeydown)`