CVE-2026-59831 in CLIinfo

Summary

by MITRE • 07/10/2026

GitHub CLI (gh) is GitHub’s official command line tool. From 2.10.0 through 2.95.0, connecting to a malicious Codespace with gh codespace jupyter can allow command execution because the command opens a JupyterLab URL supplied by a process inside the Codespace without validating that it is a loopback HTTP or HTTPS address, allowing a crafted vscode:// or vscode-insiders:// URL to be handed to VS Code. This issue is fixed in version 2.96.0.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 07/10/2026

The vulnerability in GitHub CLI (gh) affects versions 2.10.0 through 2.95.0 and relates to insecure handling of JupyterLab URLs during Codespace interactions. When users execute the command `gh codespace jupyter`, the tool establishes a connection to a JupyterLab interface hosted within the Codespace environment. The flaw occurs because the application does not validate whether the supplied URL originates from a loopback interface, specifically HTTP or HTTPS addresses bound to localhost or 127.0.0.1. This validation gap creates an opportunity for malicious actors to manipulate the URL delivery mechanism and potentially execute arbitrary commands on the user's system.

The technical implementation of this vulnerability stems from improper input validation within the codespace jupyter command execution flow. The system accepts URLs without verifying their network binding characteristics, which allows attackers to supply crafted URLs that may redirect to external endpoints or malicious services. This behavior aligns with CWE-20: Improper Input Validation, where insufficient validation of input data leads to security vulnerabilities. When a malicious Codespace provides a specially crafted URL, the tool passes this unvalidated address directly to VS Code's protocol handler through vscode:// or vscode-insiders:// schemes.

The operational impact of this vulnerability extends beyond simple command execution, as it enables attackers to potentially gain unauthorized access to users' development environments and local systems. The attack vector leverages the trust relationship between GitHub CLI and VS Code's protocol handlers, allowing malicious actors to exploit the user's installed VS Code application to execute arbitrary code with the privileges of the logged-in user. This scenario represents a privilege escalation vulnerability that could lead to data exfiltration, system compromise, or further lateral movement within a network environment.

The security implications of this flaw are particularly concerning given the widespread adoption of GitHub Codespaces and the integration with VS Code development workflows. The vulnerability creates a potential attack surface where users may unknowingly execute malicious commands simply by connecting to compromised Codespace environments. This issue connects to ATT&CK technique T1059.001: Command and Scripting Interpreter - PowerShell, as the execution occurs through legitimate command line interfaces but with malicious intent. The fix implemented in version 2.96.0 addresses this by enforcing strict validation of loopback URLs, ensuring that only local HTTP or HTTPS endpoints can be accessed through the codespace jupyter functionality.

Organizations and individual developers should immediately upgrade to GitHub CLI version 2.96.0 or later to mitigate this vulnerability, as the flaw could potentially be exploited in supply chain attacks or through compromised Codespace environments. The remediation approach focuses on implementing proper URL validation mechanisms that verify network interface binding before allowing protocol handler invocations, which aligns with secure coding practices outlined in industry security standards and frameworks.

Responsible

GitHub M

Reservation

07/07/2026

Disclosure

07/10/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!