February 24, 2026 // Vulnerability | #RoguePilot #Prompt Injection #GITHUB_TOKEN

RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN - The Hacker News

The RoguePilot vulnerability in GitHub Codespaces leveraged passive prompt injection within GitHub issues to manipulate Copilot. This enabled attackers to silently execute malicious commands and exfiltrate sensitive data, specifically the `GITHUB_TOKEN`, to external servers.

