
VS Code Zero-Day: Detecting and Blocking GitHub Token Theft via Malicious Links

Security Arsenal Team
June 3, 2026

A critical security vulnerability has been disclosed in Visual Studio Code (VS Code) that allows attackers to steal GitHub authentication tokens with a single user interaction. According to a recent report by BleepingComputer, a security researcher has released proof-of-concept (PoC) code demonstrating how this unpatched flaw can be weaponized.

For defenders, this is a high-severity event. VS Code is ubiquitous in modern development environments, and the compromise of GitHub tokens gives attackers a direct path into source code repositories and software supply chains. Since this vulnerability is currently unpatched and active exploitation is feasible given the public PoC, organizations must immediately shift to an "assume breach" posture regarding developer workstations.

Technical Analysis

Affected Products:

  • Visual Studio Code (Stable, Insiders, and potentially the open-source VSCodium variants)
  • Platforms: Windows, macOS, Linux

Vulnerability Mechanics: The vulnerability leverages how VS Code handles specific protocol handlers or malformed workspace configurations. When a user is tricked into clicking a malicious link (e.g., hosted in a phishing email or a compromised repository), the operating system launches VS Code and passes it a malicious payload.

From a defender's perspective, the attack chain typically follows this pattern:

  1. Initial Access: User clicks a link utilizing the vscode:// protocol handler or opens a malicious workspace file.
  2. Execution: VS Code interprets the input and executes a command or script without proper validation or security prompts.
  3. Theft: The script reads local Git credential files or accesses the system's internal token storage, sending the data to an attacker-controlled server.

Exploitation Status:

  • Public PoC: Available
  • Patch Availability: None (Unpatched / Zero-Day)
  • Active Exploitation: Theoretically high risk given the ease of execution ("one click").

Detection & Response

Detecting exploitation of this vulnerability means focusing on abnormal parent-child process relationships initiated by VS Code. Standard development activity involves VS Code spawning compilers (such as gcc or javac) or shells for debugging. It is highly suspicious, however, for VS Code to spawn networking utilities (such as curl or wget) or command shells that immediately establish outbound network connections to non-Microsoft domains.

SIGMA Rules

The following Sigma rules detect the suspicious process execution patterns associated with this exploit chain. Note that they key on the command line of the process VS Code spawns directly, so they match one-shot invocations such as "cmd.exe /c curl ..." or "powershell.exe -Command Invoke-WebRequest ...". A command typed into the integrated terminal runs as a grandchild of Code.exe (the terminal shell's own command line is benign), so pair these rules with process-tree hunting that looks one level further down, as the KQL and VQL queries in this post can be adapted to do.

---
title: VS Code Spawning Network Shell Command
id: 8c4a2b10-9f1d-4b3c-8a5e-6d7f8g9h0i1j
status: experimental
description: Detects Visual Studio Code (Code.exe) spawning a shell that executes network connection commands, a common pattern in token theft exploits.
references:
  - https://bleepingcomputer.com/news/security/vs-code-zero-day-lets-hackers-steal-github-tokens-in-one-click/
author: Security Arsenal
date: 2026/04/06
tags:
  - attack.execution
  - attack.t1059.001
  - attack.t1059.003
logsource:
  category: process_creation
  product: windows
detection:
  selection:
    ParentImage|endswith:
      - '\Code.exe'
      - '\Code - Insiders.exe'
    Image|endswith:
      - '\cmd.exe'
      - '\powershell.exe'
      - '\pwsh.exe'
    CommandLine|contains:
      - 'curl '
      - 'Invoke-WebRequest'
      - 'iwr '
      - 'wget '
  condition: selection
falsepositives:
  - Developers using shell scripts to download dependencies manually (rare in modern workflows)
level: high
---
title: VS Code Spawning Script Interpreter
id: 9d5b3c21-0a2e-5c4d-9b6f-7e8g0h1i2j3k
status: experimental
description: Detects VS Code spawning script interpreters (wscript, cscript, node) which may be used to execute payload code for token theft.
references:
  - https://bleepingcomputer.com/news/security/vs-code-zero-day-lets-hackers-steal-github-tokens-in-one-click/
author: Security Arsenal
date: 2026/04/06
tags:
  - attack.execution
  - attack.t1059.005
logsource:
  category: process_creation
  product: windows
detection:
  selection:
    ParentImage|endswith:
      - '\Code.exe'
      - '\Code - Insiders.exe'
    Image|endswith:
      - '\wscript.exe'
      - '\cscript.exe'
      - '\node.exe'
  condition: selection
falsepositives:
  - Legitimate development tasks using Node.js or Windows Script Host
level: medium
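To make the detection logic testable offline, here is an added example (not code from the Security Arsenal post) that re-implements the selections of the two Sigma rules above in Python and runs them over a constructed batch of process-creation events. It also goes one step beyond the rules: a third check walks the parent chain so that curl.exe or wget.exe launched from VS Code's integrated terminal (a grandchild of Code.exe, whose terminal shell has a benign command line) is still caught. Field names follow Sysmon/Sigma process_creation events (Image, ParentImage, CommandLine); the sample events, paths and hostnames are made up for illustration.

```python
"""Process-tree detection for VS Code spawning shells and network tools.

Added example, not code from the Security Arsenal post. Rules 1 and 2 mirror
the two Sigma rules; rule 3 is an added tree walk for descendants of Code.exe.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

VSCODE_IMAGES = ("\\code.exe", "\\code - insiders.exe")
SHELL_IMAGES = ("\\cmd.exe", "\\powershell.exe", "\\pwsh.exe")
SCRIPT_HOSTS = ("\\wscript.exe", "\\cscript.exe", "\\node.exe")
NET_TOOLS = ("\\curl.exe", "\\wget.exe")
NET_KEYWORDS = ("curl ", "invoke-webrequest", "iwr ", "wget ")


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str     # full image path, as in Sysmon Event ID 1 'Image'
    cmdline: str   # as in Sysmon 'CommandLine'


@dataclass(frozen=True)
class Finding:
    rule: str
    level: str
    pid: int
    chain: Tuple[str, ...]   # flagged process image, then parent, grandparent, ...


def ends_with_any(image: str, suffixes) -> bool:
    low = image.lower()
    return any(low.endswith(s) for s in suffixes)


def has_net_keyword(cmdline: str) -> bool:
    low = cmdline.lower()
    return any(k in low for k in NET_KEYWORDS)


def ancestry(ev: ProcEvent, by_pid: Dict[int, ProcEvent], max_depth: int = 8) -> Tuple[str, ...]:
    """Image of ev followed by its ancestors, bounded to avoid loops in bad data."""
    chain = [ev.image]
    cur = ev
    for _ in range(max_depth):
        parent = by_pid.get(cur.ppid)
        if parent is None:
            break
        chain.append(parent.image)
        cur = parent
    return tuple(chain)


def detect(events: List[ProcEvent]) -> List[Finding]:
    by_pid = {e.pid: e for e in events}
    findings = []
    for ev in events:
        chain = ancestry(ev, by_pid)
        parent_is_code = len(chain) > 1 and ends_with_any(chain[1], VSCODE_IMAGES)
        if parent_is_code and ends_with_any(ev.image, SHELL_IMAGES) and has_net_keyword(ev.cmdline):
            # Rule 1: one-shot shell carrying a download/upload command on its own command line
            findings.append(Finding("vscode_shell_net_command", "high", ev.pid, chain))
        elif parent_is_code and ends_with_any(ev.image, SCRIPT_HOSTS):
            # Rule 2: script interpreter directly under VS Code
            findings.append(Finding("vscode_script_interpreter", "medium", ev.pid, chain))
        elif ends_with_any(ev.image, NET_TOOLS) and any(ends_with_any(a, VSCODE_IMAGES) for a in chain[1:4]):
            # Rule 3 (added): curl/wget anywhere within three levels below Code.exe
            findings.append(Finding("vscode_descendant_net_tool", "high", ev.pid, chain))
    return findings


# Constructed sample: one VS Code session plus an unrelated shell under explorer.exe.
CODE = r"C:\Users\dev\AppData\Local\Programs\Microsoft VS Code\Code.exe"
SYS32 = r"C:\Windows\System32"
SAMPLE_EVENTS = [
    ProcEvent(100, 1,   r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, CODE, f'"{CODE}"'),
    ProcEvent(300, 200, SYS32 + r"\cmd.exe", "cmd.exe /c curl -s http://example.invalid/collect"),
    ProcEvent(301, 200, SYS32 + r"\WindowsPowerShell\v1.0\powershell.exe", "powershell.exe -NoLogo"),
    ProcEvent(302, 200, r"C:\Program Files\nodejs\node.exe", "node.exe build.js"),
    ProcEvent(303, 200, r"C:\msys64\mingw64\bin\gcc.exe", "gcc.exe -o app main.c"),
    ProcEvent(400, 301, SYS32 + r"\curl.exe", "curl.exe -X POST https://example.invalid/upload"),
    ProcEvent(500, 100, SYS32 + r"\cmd.exe", "cmd.exe /c curl -s https://example.invalid/ok"),
]

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"[{f.level}] {f.rule} pid={f.pid} chain={' <- '.join(f.chain)}")
```

Run against the sample, the first two findings correspond to what the Sigma rules would raise (pid 300 and pid 302); the third (pid 400) is the integrated-terminal case that the Sigma rules miss because the payload sits on the grandchild's command line. The cmd.exe under explorer.exe (pid 500) is deliberately not flagged, which is the false-positive boundary you want to keep.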

KQL (Microsoft Sentinel / Defender)

Use this KQL query to hunt for suspicious child processes spawned by VS Code that initiate network connections.

DeviceProcessEvents
| where Timestamp > ago(7d)
| where InitiatingProcessFileName in~ ('Code.exe', 'Code - Insiders.exe')
| where FileName in~ ('cmd.exe', 'powershell.exe', 'pwsh.exe', 'curl.exe', 'wget.exe')
| where ProcessCommandLine has_any ('curl', 'Invoke-WebRequest', 'iwr', 'wget', 'http')
| project Timestamp, DeviceName, AccountName, InitiatingProcessFileName, FileName, ProcessCommandLine, FolderPath
| order by Timestamp desc

Velociraptor VQL

Hunt for instances where VS Code spawns a shell process.

-- Hunt for VS Code spawning suspicious child processes.
-- pslist() exposes Ppid but no Parent object, so the parent is resolved with foreach().
SELECT * FROM foreach(
  row={
    SELECT Pid AS ParentPid, Name AS ParentName
    FROM pslist()
    WHERE Name =~ '(?i)^code( - insiders)?[.]exe$'
  },
  query={
    SELECT ParentName, Pid, Name, CommandLine, Exe, Username, StartTime
    FROM pslist()
    WHERE Ppid = ParentPid
      AND Name =~ '(?i)^(cmd|powershell|pwsh|curl)[.]exe$'
      AND CommandLine =~ '(?i)(curl|wget|Invoke-WebRequest|iwr)'
  })

Remediation Script (PowerShell)

This script audits the VS Code protocol handler registrations on Windows to ensure no malicious handlers have been registered by an exploit. It also checks the version of VS Code installed.

# Audit VS Code Protocol Handlers and Version
Write-Host "[*] Auditing VS Code Installation and Protocol Handlers..." -ForegroundColor Cyan

# Check VS Code version in the per-user and system-wide default install locations
$vsCodePaths = @(
    "$env:LOCALAPPDATA\Programs\Microsoft VS Code\Code.exe",
    "$env:ProgramFiles\Microsoft VS Code\Code.exe"
)
$found = $false
foreach ($vsCodePath in $vsCodePaths) {
    if (Test-Path $vsCodePath) {
        $found = $true
        $versionInfo = (Get-Item $vsCodePath).VersionInfo.FileVersion
        Write-Host "[+] VS Code found at $vsCodePath. Version: $versionInfo" -ForegroundColor Green
    }
}
if (-not $found) {
    Write-Host "[-] VS Code executable not found in default paths." -ForegroundColor Yellow
}

# Check the registry for the 'vscode://' and 'vscode-insiders://' protocol handlers.
# HKEY_CLASSES_ROOT merges HKLM and HKCU class registrations, so both install types are covered.
foreach ($scheme in @('vscode', 'vscode-insiders')) {
    $regPath = "Registry::HKEY_CLASSES_ROOT\$scheme"
    if (-not (Test-Path $regPath)) {
        Write-Host "[-] '$scheme://' protocol handler not found." -ForegroundColor Gray
        continue
    }
    $urlProtocol  = (Get-ItemProperty -Path $regPath -ErrorAction SilentlyContinue).'URL Protocol'
    $shellCommand = (Get-ItemProperty -Path "$regPath\shell\open\command" -ErrorAction SilentlyContinue).'(default)'

    Write-Host "[+] Protocol handler '$scheme://' is registered (URL Protocol value present: $($null -ne $urlProtocol))." -ForegroundColor Green
    Write-Host "    Open Command: $shellCommand"

    # The open command should invoke Code.exe (or Code - Insiders.exe); anything else suggests a hijacked handler
    if ([string]::IsNullOrEmpty($shellCommand) -or $shellCommand -notmatch 'Code( - Insiders)?\.exe') {
        Write-Host "[!] WARNING: '$scheme://' handler command is missing or points to an unexpected binary! Possible hijack." -ForegroundColor Red
    }
}

Write-Host "[*] Audit complete." -ForegroundColor Cyan

Remediation

As of this publication, a specific patch has not been released. Security Arsenal recommends the following defensive measures:

  1. Restrict Protocol Handling: If vscode:// links are not business-critical for your organization, consider removing the file association or protocol handler registry keys on developer workstations to prevent the "one-click" attack vector.
  2. Network Segmentation: Monitor and block outbound connections from developer workstations to unknown or newly registered domains, specifically looking for data exfiltration over HTTP/HTTPS.
  3. Token Hygiene: Enforce short-lived Personal Access Tokens (PATs) for GitHub. Ensure Multi-Factor Authentication (MFA) is mandatory for all developer accounts.
  4. Browser Hygiene: Educate developers against clicking unsolicited links, particularly those triggering external application launches.
  5. Update Vigilantly: Monitor the official Visual Studio Code Security Advisories page and apply patches immediately upon availability.
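Steps 1 and 4 above both aim at the same thing: stopping a vscode:// link from reaching a handler that will launch the editor. Where removing the handler outright is not acceptable, a complementary control is to flag such links before delivery, for example in a mail or chat gateway or when reviewing README content pulled from an untrusted repository. The following is an added example, not code from the Security Arsenal post: it extracts links from HTML, Markdown or plain text, normalises each one (percent-decodes it and lower-cases the scheme, which defeats "%76scode://" and "VSCODE://" style variations) and reports any whose scheme would be handled by VS Code. The "vscode" scheme is the one named in this post; "vscode-insiders" is assumed here for the Insiders build. The sample message is constructed.

```python
"""Flag links that would launch VS Code through its URI protocol handler.

Added example, not from the Security Arsenal post. Only link structure is
inspected (scheme, authority, path, query parameter names); nothing is opened.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# 'vscode' is on the page; 'vscode-insiders' is an assumption for the Insiders build.
VSCODE_SCHEMES = {"vscode", "vscode-insiders"}

# href="..." in HTML, [text](url) in Markdown, and bare scheme://... tokens
_HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)
_MD_RE = re.compile(r'\]\(\s*([^)\s]+)')
_BARE_RE = re.compile(r'\b[a-z][a-z0-9+.\-]*://[^\s<>"\')]+', re.IGNORECASE)


def extract_links(text: str) -> list:
    """Collect candidate links from all three syntaxes, de-duplicated in order of appearance."""
    found = [m for rx in (_HREF_RE, _MD_RE) for m in rx.findall(text)]
    found += [m.group(0) for m in _BARE_RE.finditer(text)]
    seen, out = set(), []
    for link in (candidate.strip() for candidate in found):
        if link and link not in seen:
            seen.add(link)
            out.append(link)
    return out


def classify(link: str) -> dict:
    """Describe one link; percent-decoding before parsing exposes an encoded scheme."""
    parts = urlsplit(unquote(link).strip())
    scheme = parts.scheme.lower()
    return {
        "link": link,
        "scheme": scheme,
        "authority": parts.netloc,  # for vscode:// URIs, the extension that handles the URI
        "path": parts.path,
        "query_keys": sorted(parse_qs(parts.query).keys()),  # names only; values are not needed to triage
        "risky": scheme in VSCODE_SCHEMES,
    }


def scan(text: str) -> list:
    return [classify(link) for link in extract_links(text)]


# Constructed sample message mixing a normal link with three handler-launching variants.
SAMPLE_MESSAGE = """\
<p>Hi team, please review <a href="https://github.com/example-org/app/pull/42">PR 42</a>.</p>
<p>Or open it straight in your editor: <a href="VSCODE://vscode.git/clone?url=https://example.invalid/repo.git">open in VS Code</a></p>
<a href="%76scode://other.ext/run?cmd=x">looks harmless</a>
Insiders users see [these notes](vscode-insiders://some.ext/notes?id=7).
"""

if __name__ == "__main__":
    for r in scan(SAMPLE_MESSAGE):
        flag = "RISKY" if r["risky"] else "ok   "
        print(f"{flag} {r['scheme']}://{r['authority']}{r['path']} keys={r['query_keys']}  <- {r['link']}")
```

The scan is deliberately structural: it never resolves or opens a link, and it reports query parameter names rather than values so the output can be logged without copying whatever the link carried. A match on a VS Code scheme is a reason to quarantine or rewrite the message for human review, not proof of exploitation.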
