VulnerabilitiesJul 7, 2026
'GitLost' Flaw Leaks Private Data From GitHub's Agentic Workflows
GitLost flaw leaks private data from GitHub's agentic workflows via crafted public repo issues.
Summary
A critical vulnerability dubbed 'GitLost' has been discovered in GitHub's agentic workflows, allowing unauthenticated attackers to exfiltrate private data. By creating a malicious GitHub Issue within an organization's public repository, attackers can silently access and steal sensitive information from private repositories within the same organization.
Indicators of Compromise
- cve — CVE-2024-4122
Entities
GitHub Agentic Workflows (product)GitHub (vendor)