Legit Security discovered CamoLeak, a critical vulnerability (CVSS 9.6) in GitHub Copilot Chat that enabled silent data exfiltration from private repositories. The attack relied on a prompt injection hidden in invisible pull request comments and bypassed GitHub's Camo image-proxy protection by encoding sensitive data into sequences of pixel-image requests. When a victim asked Copilot to explain the pull request, the injected instructions executed and leaked credentials and API keys character by character through those image requests. GitHub patched the vulnerability by disabling image rendering in Copilot Chat.

3 min read. From aicyberinsights.com