// GitHubCRITICAL
CVE-2026-48501 is a critical vulnerability in GitHub CLI (gh) versions prior to 2.93.0. Improper host normalization logic in the shared HTTP client causes the CLI to attach users' GitHub OAuth tokens to requests to external hosts including tuf-repo.github.com, sigstore.dev, and Azure Blob Storage. Attackers controlling these hosts can intercept the Authorization header and gain full account access, potentially compromising repositories, CI/CD workflows, and API actions.
// Get alerts for GitHub