CVE-2026-48501
Published 2026-05-29
Priority: P356
CVSS 3.1: 9.1 (critical), vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.29% (20.6th percentile)
GitHub CLI (gh) is GitHub’s official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes the authorization header in API requests to TUF repository mirrors via the gh attestation, gh release verify, and gh release verify-asset commands. The CLI uses a shared HTTP client with an authentication layer that automatically attaches tokens to outgoing requests. This layer lacks accurate host detection and can misattribute the target host, handing it a token it should never receive. Specifically, the host normalization logic collapses any *.github.com subdomain to github.com, so a request to tuf-repo.github.com (a GitHub Pages site, not a GitHub API endpoint) is treated as a request to github.com and receives the user's github.com token. For hosts that match neither github.com nor a known GHES instance, the resolver falls back to GH_ENTERPRISE_TOKEN if it is set. The gh attestation, gh release verify and gh release verify-asset commands fetch data from several external hosts as part of their normal operation (TUF metadata from tuf-repo.github.com and tuf-repo-cdn.sigstore.dev, artifact bundles from Azure Blob Storage). Because these requests go through the same authenticated HTTP client, the token is sent to all of them. This vulnerability is fixed in 2.93.0.
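The two resolver behaviours the description names (suffix collapse of `*.github.com` and the enterprise-token fallback for unknown hosts) are easy to see side by side in code. The following is an added illustration modelled on that description, not code from the gh repository; `tokenForHardened` is one plausible hardening (exact-host allow-list, no fallback), not the project's actual 2.93.0 patch, and the `api.github.com` allow-list entry, the `ghes.example.internal` GHES host, the token values and the URL paths are all assumptions constructed for the example.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Creds holds the credentials the CLI has on hand. Values are constructed
// for this example; none are real tokens.
type Creds struct {
	GitHubToken     string            // github.com token from `gh auth login`
	EnterpriseToken string            // GH_ENTERPRISE_TOKEN / GITHUB_ENTERPRISE_TOKEN, "" if unset
	GHESTokens      map[string]string // known GHES hostname -> token
}

// normalizeHostFlawed models the normalization the advisory describes:
// every *.github.com subdomain collapses to github.com, so a GitHub Pages
// site such as tuf-repo.github.com is treated as the API host.
func normalizeHostFlawed(host string) string {
	host = strings.ToLower(host)
	if host == "github.com" || strings.HasSuffix(host, ".github.com") {
		return "github.com"
	}
	return host
}

// tokenForFlawed is the vulnerable resolver: collapsed host matching plus a
// fallback to the enterprise token for any host it does not recognise.
func tokenForFlawed(c Creds, rawURL string) (string, bool) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", false
	}
	host := normalizeHostFlawed(u.Hostname())
	if host == "github.com" && c.GitHubToken != "" {
		return c.GitHubToken, true
	}
	if t, ok := c.GHESTokens[host]; ok {
		return t, true
	}
	if c.EnterpriseToken != "" { // fallback: unknown host still gets a token
		return c.EnterpriseToken, true
	}
	return "", false
}

// apiHosts is an assumed allow-list of hosts permitted to receive the
// github.com token; matched exactly, never by suffix.
var apiHosts = map[string]bool{
	"github.com":     true,
	"api.github.com": true,
}

// tokenForHardened is one way to close the hole (an assumption, not the
// project's own patch): exact-host allow-listing, no suffix collapse, https
// only, and no fallback token for hosts the CLI was never configured for.
func tokenForHardened(c Creds, rawURL string) (string, bool) {
	u, err := url.Parse(rawURL)
	if err != nil || u.Scheme != "https" {
		return "", false
	}
	host := strings.ToLower(u.Hostname())
	if apiHosts[host] && c.GitHubToken != "" {
		return c.GitHubToken, true
	}
	if t, ok := c.GHESTokens[host]; ok {
		return t, true
	}
	return "", false
}

func main() {
	creds := Creds{
		GitHubToken:     "gho_EXAMPLE_GITHUB_TOKEN",
		EnterpriseToken: "ghp_EXAMPLE_ENTERPRISE_TOKEN",
		GHESTokens:      map[string]string{"ghes.example.internal": "ghs_EXAMPLE_GHES_TOKEN"},
	}
	// Hosts the attestation/verify commands contact, per the advisory; the
	// paths and the Azure storage account name are placeholders.
	for _, target := range []string{
		"https://api.github.com/repos/cli/cli/releases",
		"https://tuf-repo.github.com/root.json",
		"https://tuf-repo-cdn.sigstore.dev/root.json",
		"https://example.blob.core.windows.net/bundle.json",
		"https://ghes.example.internal/api/v3/user",
	} {
		ft, _ := tokenForFlawed(creds, target)
		ht, _ := tokenForHardened(creds, target)
		fmt.Printf("%-52s flawed=%-30q hardened=%q\n", target, ft, ht)
	}
}
```

Running it shows the flawed resolver handing the github.com token to tuf-repo.github.com and the enterprise token to both the Sigstore CDN and the Azure blob host, while the hardened resolver sends a token only to the two hosts it was explicitly configured for. The practical check for an operator is the same as the advisory's: any github.com token or GH_ENTERPRISE_TOKEN used with these commands on a pre-2.93.0 gh should be treated as exposed to those third-party hosts and rotated.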
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cli | cli | < 2.93.0 | 2.93.0 |
| github.com | cli_cli_v2 | >= 0 < 2.93.0 | 2.93.0 |
| github | cli | < 2.93.0 | 2.93.0 |
| openshift-gitops-1 | argocd-rhel8 | — | — |
| openshift-gitops-1 | argocd-rhel9 | — | — |
| rhoso-operators | openstack-operator-bundle | — | — |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| vendor_redhat | 9.1 | CRITICAL | — |
Red Hat
github-cli: GitHub CLI: Information disclosure via incorrect authorization header handling
vendor_redhat · 2026-05-29 · CVSS 9.1 · CRITICAL · CWE-551
GHSA
GitHub CLI has an incorrect authorization header in API requests to TUF repository mirrors via `gh attestation`, `gh release verify`, and `gh release verify-asset` commands
ghsa · 2026-05-29 · HIGH · CWE-863
### Summary
GitHub CLI incorrectly includes an authorization header in API requests to TUF repository mirrors via `gh attestation`, `gh release verify`, and `gh release verify-asset` commands.
**Affected users:**
- Authenticated `github.com` users who previously ran `gh attestation` commands, `gh release verify`, or `gh release verify-asset`: the `github.com` token was included in requests to `tuf-repo.github.com`, a GitHub Pages domain that is not a GitHub API endpoint. All authentication types are affected.
- Users with `GH_ENTERPRISE_TOKEN` or `GITHUB_ENTERPRISE_TOKEN` set who previously ran `gh attestation` comm
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-48501 gh: GitHub CLI: Information disclosure via incorrect authorization header handling [fedora-all]
bugzilla · 2026-06-17 · CVSS 9.1 · CRITICAL
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-48501 gh: GitHub CLI: Information disclosure via incorrect authorization header handling [epel-all]
bugzilla · 2026-06-17 · CVSS 9.1 · CRITICAL
Bugzilla
CVE-2026-48501 github-cli: GitHub CLI: Information disclosure via incorrect authorization header handling
bugzilla · 2026-05-29 · CVSS 9.1 · CRITICAL
Published: 2026-05-29