high advisory

GitHub CLI Incorrectly Includes Authorization Header in API Requests

GitHub CLI versions 2.92.0 and earlier incorrectly include authorization headers in API requests to TUF repository mirrors and external hosts when using the `gh attestation`, `gh release verify`, and `gh release verify-asset` commands, potentially exposing sensitive tokens.

GitHub CLI versions 2.92.0 and earlier contain a vulnerability where authorization headers, including GitHub personal access tokens and enterprise tokens, are incorrectly included in API requests to external hosts. Specifically, the gh attestation, gh release verify, and gh release verify-asset commands fetch data from hosts such as tuf-repo.github.com, tuf-repo-cdn.sigstore.dev, and tmaproduction.blob.core.windows.net. Due to improper host normalization, the CLI’s authentication layer attaches tokens intended for github.com or GHES instances to these requests. This issue affects authenticated github.com users and users with GH_ENTERPRISE_TOKEN or GITHUB_ENTERPRISE_TOKEN set. Successful exploitation would allow unauthorized access to the token holder’s resources.

Attack Chain

  1. A user configures the GitHub CLI with a personal access token or enterprise token.
  2. The user executes a gh attestation, gh release verify, or gh release verify-asset command.
  3. The GitHub CLI initiates an HTTP request to tuf-repo.github.com to retrieve TUF metadata.
  4. Due to incorrect host normalization, the CLI attaches the user’s github.com token to the request header.
  5. The GitHub CLI initiates HTTP requests to tuf-repo-cdn.sigstore.dev and tmaproduction.blob.core.windows.net to retrieve additional TUF metadata and artifact bundles.
  6. The CLI erroneously includes the GH_ENTERPRISE_TOKEN or GITHUB_ENTERPRISE_TOKEN in the headers of these requests.
  7. The external hosts receive the unauthorized tokens in the HTTP headers.
  8. An attacker who gains access to these hosts could potentially steal the tokens.
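The root cause above is host scoping: the token meant for github.com (or a GHES instance) must be attached only when the request host, after normalization, is exactly that host. The following Go example is added here to illustrate that check; it is not gh's own code, and `looseTokenFor` is a hypothetical weak matcher shown only for contrast with the exact-match `tokenFor`. Hosts, paths and the `*_PLACEHOLDER` token values are constructed.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// normalizeHost lowercases a host and strips any port, so "GitHub.com:443"
// equals "github.com"; "api.github.com" folds into "github.com".
func normalizeHost(host string) string {
	h := strings.ToLower(strings.TrimSpace(host))
	if hp, _, err := net.SplitHostPort(h); err == nil {
		h = hp
	}
	return strings.TrimPrefix(h, "api.")
}

// looseTokenFor is a hypothetical weak matcher (not gh's code): a suffix
// match also accepts tuf-repo.github.com, so the github.com token leaks.
func looseTokenFor(reqURL string, tokens map[string]string) string {
	u, err := url.Parse(reqURL)
	if err != nil {
		return ""
	}
	for host, tok := range tokens {
		if strings.HasSuffix(normalizeHost(u.Host), host) {
			return tok
		}
	}
	return ""
}

// tokenFor is the hardened form: attach a token only when the normalized
// request host exactly equals the host the token belongs to, over https.
func tokenFor(reqURL string, tokens map[string]string) string {
	u, err := url.Parse(reqURL)
	if err != nil || u.Scheme != "https" {
		return ""
	}
	return tokens[normalizeHost(u.Host)]
}

func main() {
	tokens := map[string]string{"github.com": "ghp_PLACEHOLDER"} // constructed, not a real token
	u := "https://tuf-repo.github.com/1.root.json"
	fmt.Printf("loose=%q strict=%q\n", looseTokenFor(u, tokens), tokenFor(u, tokens))
}
```

With the strict matcher the TUF mirror and the Sigstore CDN receive no Authorization header at all, which is the behaviour a fixed client should show.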

Impact

This vulnerability allows unauthorized access to GitHub tokens, potentially granting an attacker access to private repositories, organization resources, or enterprise administration depending on token type and permissions. Although there is no evidence that tokens were logged, retained, or accessed by unauthorized parties, a captured token would grant the same access as the token holder. This vulnerability is tracked as CVE-2026-48501.

Recommendation

  • Revoke all authentication tokens used with the GitHub CLI, including personal access tokens and the GitHub CLI OAuth app authorization, as described in the GitHub documentation.
  • Upgrade the GitHub CLI to version 2.93.0 or later to remediate the vulnerability.
  • Review personal security logs for any suspicious activity related to your account.
  • Review audit logs for any unexpected actions performed by GitHub CLI tokens.

Detection coverage (2 rules)

Detect GitHub CLI Executing Attestation Commands

medium

Detects the execution of `gh attestation` commands, which may indicate exposure to the token leakage vulnerability CVE-2026-48501.

Format: Sigma | Tactics: initial_access | Techniques: T1566 | Sources: process_creation, windows

Detect GitHub CLI Executing Release Verification Commands

medium

Detects the execution of `gh release verify` or `gh release verify-asset` commands, which may indicate exposure to the token leakage vulnerability CVE-2026-48501.

Format: Sigma | Tactics: initial_access | Techniques: T1566 | Sources: process_creation, windows


Indicators of compromise (3)

Type    Value
domain  tuf-repo.github.com
domain  tuf-repo-cdn.sigstore.dev
domain  tmaproduction.blob.core.windows.net