Back to Feed
VulnerabilitiesJul 7, 2026

'GitLost' Flaw Leaks Private Data From GitHub's Agentic Workflows

GitLost flaw leaks private data from GitHub's agentic workflows via crafted public repo issues.

Summary

A critical vulnerability dubbed 'GitLost' has been discovered in GitHub's agentic workflows, allowing unauthenticated attackers to exfiltrate private data. By creating a malicious GitHub Issue within an organization's public repository, attackers can silently access and steal sensitive information from private repositories within the same organization.

Indicators of Compromise

  • cve — CVE-2024-4122

Entities

GitHub Agentic Workflows (product)GitHub (vendor)