Upstream information

CVE-2026-59831 at MITRE

Description

GitHub CLI (gh) is GitHub's official command line tool. From 2.10.0 through 2.95.0, connecting to a malicious Codespace with gh codespace jupyter can allow command execution because the command opens a JupyterLab URL supplied by a process inside the Codespace without validating that it is a loopback HTTP or HTTPS address, allowing a crafted vscode:// or vscode-insiders:// URL to be handed to VS Code. This issue is fixed in version 2.96.0.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v3 Scores
CVSS detail CNA (GitHub) SUSE
Base Score 4.4 4.4
Vector CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector Network Network
Attack Complexity High High
Privileges Required Low Low
User Interaction Required Required
Scope Changed Changed
Confidentiality Impact Low Low
Integrity Impact Low Low
Availability Impact None None
CVSSv3 Version 3.1 3.1
SUSE Bugzilla entry: 1271215 [NEW]

No SUSE Security Announcements cross referenced.


SUSE Timeline for this CVE

CVE page created: Fri Jul 10 13:31:01 2026
CVE page last modified: Fri Jul 10 13:31:01 2026