EXECUTIVE SUMMARY:
CVE-2026-48501, with a CVSS score of 7.4, is a token leakage vulnerability in GitHub CLI (gh) versions ≤ 2.92.0, where the tool's shared HTTP client mistakenly appends the user's GitHub authentication header to requests directed at TUF repository mirrors used by the `gh attestation`, `gh release verify`, and `gh release verify-asset` commands. The client's host-normalisation logic collapses any *.github.com subdomain to github.com, causing the token to be sent to external hosts such as tuf-repo.github.com, tuf-repo-cdn.sigstore.dev, and Azure Blob Storage endpoints. An attacker who can observe or control network traffic to these hosts (via a man-in-the-middle position, compromised DNS, or a malicious mirror) can capture the token without needing any privileges or user interaction, because the exploit vector is purely network-based. Possession of the token grants the attacker the same rights as the compromised user, including read/write access to private repositories, organization resources, or enterprise administration depending on token scopes. Consequently, a successful exploit can lead to unauthorized code disclosure, supply-chain tampering, and potential data exfiltration, jeopardising the confidentiality and integrity of development assets. Exploitation requires that the victim runs the affected commands while authenticated and that the attacker can intercept or host the TUF-related requests.
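To make the host-normalisation flaw concrete, the following is an added Go example (hypothetical code, not gh's own source) that contrasts a suffix-collapsing "send the token to anything under github.com" decision with a strict allowlist decision, and a regression check that lists the hosts which only the loose policy would hand the token to. The allowlist contents, the function names and the sample URLs (built from hosts the advisory names) are assumptions constructed for this example.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Assumed allowlist of hosts the token is meant for (placeholder, not gh's list).
var tokenHosts = map[string]bool{"github.com": true, "api.github.com": true}

// AttachTokenLoose reconstructs the flawed logic the advisory describes
// (hypothetical code, not gh's source): any *.github.com subdomain is
// collapsed to github.com before deciding whether to send the token.
func AttachTokenLoose(rawURL string) bool {
	u, err := url.Parse(rawURL)
	if err != nil {
		return false
	}
	host := strings.ToLower(u.Hostname())
	return host == "github.com" || strings.HasSuffix(host, ".github.com")
}

// AttachTokenStrict is the hardened decision: exact, case-insensitive host
// match against the allowlist, HTTPS only, no suffix collapsing.
func AttachTokenStrict(rawURL string) bool {
	u, err := url.Parse(rawURL)
	if err != nil || u.Scheme != "https" {
		return false
	}
	return tokenHosts[strings.ToLower(u.Hostname())]
}

// LeakingHosts returns the hosts that would receive the token under the
// loose policy but not the strict one: a regression check for the bug.
func LeakingHosts(urls []string) []string {
	var out []string
	for _, raw := range urls {
		if AttachTokenLoose(raw) && !AttachTokenStrict(raw) {
			u, _ := url.Parse(raw)
			out = append(out, u.Hostname())
		}
	}
	return out
}

func main() {
	urls := []string{"https://api.github.com/repos/cli/cli", "https://tuf-repo.github.com/root.json"} // constructed sample
	fmt.Println("token leaks to:", LeakingHosts(urls)) // [tuf-repo.github.com]
}
```

The same strict check also keeps the token away from the CDN and blob-storage hosts the advisory lists, simply because they are not on the allowlist.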
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details:
https://github.com/advisories/GHSA-8xvp-7hj6-mcj9