Command Injection Vulnerability in GitHub CLI Tool
CVE-2026-59831
4.4MEDIUM
What is CVE-2026-59831?
The GitHub CLI, from versions 2.10.0 to 2.95.0, is susceptible to a command injection vulnerability. When users connect to a malicious Codespace using the 'gh codespace jupyter' command, the tool may execute arbitrary commands due to inadequate validation of JupyterLab URLs. This flaw allows attackers to exploit the command handling, directing the application to open potentially dangerous vscode:// or vscode-insiders:// URLs. The vulnerability is mitigated in version 2.96.0.
Affected Version(s)
cli >= 2.10.0, < 2.96.0
