PatchSiren cyber security CVE debrief

CVE-2026-48501 cli CVE debrief

GitHub CLI (gh) versions prior to 2.93.0 incorrectly transmit authorization tokens to external hosts during attestation and release verification operations. The vulnerability stems from flawed host normalization logic in the CLI's shared HTTP client authentication layer, which collapses any *.github.com subdomain to github.com. This causes requests to tuf-repo.github.com—a GitHub Pages site hosting TUF metadata—to receive the user's github.com authentication token. Additionally, when hosts fail to match github.com or a known GitHub Enterprise Server instance, the resolver falls back to GH_ENTERPRISE_TOKEN if configured. The affected commands (gh attestation, gh release verify, and gh release verify-asset) fetch data from multiple external hosts including tuf-repo.github.com, tuf-repo-cdn.sigstore.dev, and Azure Blob Storage, causing tokens to be leaked to these third-party services. This represents a CWE-863 (Incorrect Authorization) vulnerability with CVSS 7.4 (HIGH severity). The issue was resolved in version 2.93.0.

Vendor: cli
Product: Unknown
CVSS: HIGH 7.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-29
Original CVE updated: 2026-05-29
Advisory published: 2026-05-29
Advisory updated: 2026-05-29

Who should care

Organizations using GitHub CLI for artifact attestation verification, release validation, or supply chain security workflows; DevSecOps teams managing CI/CD pipelines with gh CLI; developers using gh attestation or gh release verify commands; GitHub Enterprise Server administrators with GH_ENTERPRISE_TOKEN configured

Technical summary

The GitHub CLI uses a shared HTTP client with automatic token attachment. Host normalization logic incorrectly treats *.github.com subdomains as github.com, causing tuf-repo.github.com to receive github.com tokens. External hosts including TUF mirrors and Azure Blob Storage receive authentication credentials during normal attestation and release verification workflows.
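The flawed host normalization and the GH_ENTERPRISE_TOKEN fallback described above, as an added illustration written for this debrief (constructed model, not the gh source): flawedResolve reproduces the two behaviours the advisory names, and fixedResolve is an assumed hardened variant with an exact-host allowlist (github.com, api.github.com) and no fallback; the creds type, the token strings and the GHES host are constructed placeholders.

```go
package main

import (
	"fmt"
	"strings"
)

// creds is a constructed model of the credential sources the advisory names.
type creds struct {
	GitHubCom  string            // github.com token from gh auth
	Enterprise string            // GH_ENTERPRISE_TOKEN, empty when unset
	GHES       map[string]string // tokens for known GitHub Enterprise Server hosts
}

// flawedResolve models the pre-2.93.0 path: any *.github.com subdomain is
// normalized to github.com and gets that token, a known GHES host gets its own
// token, and every other host falls back to GH_ENTERPRISE_TOKEN if configured.
func flawedResolve(c creds, host string) (string, bool) {
	h := strings.ToLower(host)
	if h == "github.com" || strings.HasSuffix(h, ".github.com") {
		return c.GitHubCom, c.GitHubCom != "" // tuf-repo.github.com lands here
	}
	if tok, ok := c.GHES[h]; ok {
		return tok, true
	}
	return c.Enterprise, c.Enterprise != ""
}

// fixedResolve is a hardened variant (an assumption, not the shipped patch):
// exact-host allowlist for github.com and api.github.com, known GHES hosts by
// exact name, and no fallback, so TUF mirrors and blob storage get nothing.
func fixedResolve(c creds, host string) (string, bool) {
	h := strings.ToLower(host)
	if h == "github.com" || h == "api.github.com" {
		return c.GitHubCom, c.GitHubCom != ""
	}
	if tok, ok := c.GHES[h]; ok {
		return tok, true
	}
	return "", false
}

func main() {
	c := creds{GitHubCom: "gho_CONSTRUCTED", Enterprise: "ghe_CONSTRUCTED"}
	for _, h := range []string{"tuf-repo.github.com", "tuf-repo-cdn.sigstore.dev"} {
		ft, fok := flawedResolve(c, h)
		xt, xok := fixedResolve(c, h)
		fmt.Printf("%-28s flawed=%v(%s) fixed=%v(%s)\n", h, fok, ft, xok, xt)
	}
}
```

Running it shows both external hosts receiving a credential from the flawed resolver (the github.com token for the TUF mirror, the enterprise token for the Sigstore CDN) and none from the hardened one.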

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade GitHub CLI to version 2.93.0 or later immediately
  • Audit CI/CD pipelines and developer workstations for gh CLI versions below 2.93.0
  • Review GitHub account security logs for anomalous token usage between first use of affected commands and upgrade date
  • Rotate GitHub personal access tokens and GH_ENTERPRISE_TOKEN values if gh CLI was used for attestation or release verification prior to upgrade
  • Consider implementing egress filtering or proxy inspection for gh CLI traffic to detect unauthorized token transmission
  • Verify that automated tooling using gh CLI (including GitHub Actions workflows) uses patched versions

Evidence notes

Official GitHub security advisory GHSA-8xvp-7hj6-mcj9 documents the vulnerability. The NVD entry confirms the CVSS 3.1 vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N. Fix version 2.93.0 is explicitly stated in the source description. The CWE-863 classification comes from the CNA contact listed in the source (e-mail address redacted in the stored copy).
