GitHub Copilot Attack Exploits Issues for Repository Takeover
Severity: Low (Score: 34.8)
Sources: Scworld, Feeds.Feedburner, Cybersecuritynews
Keywords: github, copilot, issues, abused, attack, leading, repository
Severity indicators: issue, ot
Summary
A cybersecurity incident has emerged where attackers exploited GitHub Issues to inject malicious instructions that are processed by Copilot during the launch of a Codespace. This attack leverages the zero-day vulnerability CVE-2026-22769, which was recently exploited by a Chinese cyberespionage group. Affected users may face repository takeovers due to this exploitation.
Source articles (3)
- GitHub Issues Abused in Copilot Attack Leading to Repository Takeover — Feeds.Feedburner · 2026-02-24
  Attackers can inject malicious instructions in a GitHub Issue that are automatically processed by Copilot when launching a Codespace from that issue.
- GitHub Copilot Exploited to Perform Full Repository Takeover via Passive Prompt Injection — Cybersecuritynews · 2026-02-25
  A critical AI-driven vulnerability in GitHub Codespaces, dubbed RoguePilot, that enabled attackers to silently hijack a repository by embedding malicious instructions inside a GitHub Issue. The flaw,…
- Attack exploiting GitHub Codespaces flaw enables Copilot leak of GitHub tokens — Scworld · 2026-02-26
  Threat actors could harness a recently addressed GitHub Codespaces flaw to facilitate passive prompt injections that trick GitHub Copilot into stealthily exposing GitHub tokens through the new RoguePi…
Timeline
- 2026-02-17 — CVE-2026-22769 published
- 2026-02-18 — CVE-2026-22769 added to CISA KEV for active exploitation
- 2026-02-24 — Articles published detailing the Copilot attack
Related entities
- Orca Research Pod (Company)
- GitHub (Platform)
- GitHub Codespaces (Platform)
- GitHub Issues (Platform)
- GitHub Copilot (Tool)
- RoguePilot (Vulnerability)