RCE Vulnerabilities Exploited in GitHub Codespaces via VS Code Config Files

RCE Vulnerabilities Exploited in GitHub Codespaces via VS Code Config Files

First seen 6 Feb 2026, 00:21 UTC Infosecurity-MagazineScworld 87% similarity 39.7

Article Content

Browse articles
ThreatCluster

Orca Security researchers identified multiple attack vectors in GitHub Codespaces that allow remote code execution (RCE) by opening malicious repositories or pull requests. Attackers can exploit VS Code configuration files to execute arbitrary commands, exfiltrate GitHub tokens, and access sensitive resources without user consent. This affects developers using the cloud-based development environment.

ThreatCluster AI

Community

Browse all →