Scworld
RCE Vulnerabilities Exploited in GitHub Codespaces via VS Code Config Files
First seen 6 Feb 2026, 00:21 UTC
•
•87% similarity
•39.7
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
Orca Security researchers identified multiple attack vectors in GitHub Codespaces that allow remote code execution (RCE) by opening malicious repositories or pull requests. Attackers can exploit VS Code configuration files to execute arbitrary commands, exfiltrate GitHub tokens, and access sensitive resources without user consent. This affects developers using the cloud-based development environment.
ThreatCluster AI