Bug 2483312 (CVE-2026-48501)

Summary: CVE-2026-48501 github-cli: GitHub CLI: Information disclosure via incorrect authorization header handling
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW ---
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: anjoseph, dfreiber, drow, eglynn, jburrell, jjoyce, jprabhak, jpretori, jschluet, lhh, ljawale, luizcosta, mburns, mgarciac, nweather, rbobbitt, teagle, vkumar, wtam
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: ---
Doc Text:
A flaw was found in GitHub CLI. The tool incorrectly includes authorization headers in API requests to TUF repository mirrors when using commands such as `gh attestation`, `gh release verify`, and `gh release verify-asset`. This issue occurs because the shared HTTP client's authentication layer lacks accurate host detection, causing it to send a user's GitHub token to external hosts that should not receive it. This can lead to the unauthorized disclosure of the user's GitHub token (or the GH_ENTERPRISE_TOKEN fallback) to third-party hosts.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 2489770, 2489771
Bug Blocks:

Description OSIDB Bzimport 2026-05-29 17:01:37 UTC

GitHub CLI (gh) is GitHub's official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes the authorization header in API requests to TUF repository mirrors via the gh attestation, gh release verify, and gh release verify-asset commands.

The CLI uses a shared HTTP client with an authentication layer that automatically attaches tokens to outgoing requests. This layer lacks accurate host detection and can incorrectly attribute the target host, providing it with a token it should never receive. Specifically, the host normalization logic collapses any *.github.com subdomain to github.com, so a request to tuf-repo.github.com (a GitHub Pages site, not a GitHub API endpoint) is treated as a request to github.com and receives the user's github.com token. For hosts that don't match github.com or a known GHES instance at all, the resolver falls back to GH_ENTERPRISE_TOKEN if set.

The gh attestation, gh release verify and gh release verify-asset commands fetch data from several external hosts as part of their normal operation (TUF metadata from tuf-repo.github.com and tuf-repo-cdn.sigstore.dev, artifact bundles from Azure Blob Storage). Because these requests go through the same authenticated HTTP client, the token is sent to all of them.

This vulnerability is fixed in 2.93.0.
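The description blames two decisions in the authentication layer: host normalization that folds every *.github.com name into github.com, and a token resolver that falls back to GH_ENTERPRISE_TOKEN for any host it does not recognise. The Go model below is an added example written for this page, not gh's own code; it reproduces both decisions beside a hardened variant and routes requests through a transport that records which Authorization header would have left the process. The `token ` header prefix, the allowlist of API hostnames in `fixedNormalizeHost`, the token values and the Azure blob hostname are all assumptions or placeholders.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// tokenStore holds the credentials a gh-like CLI knows about.
// Values are constructed placeholders, not real tokens.
type tokenStore struct {
	githubToken     string            // token for github.com
	enterpriseToken string            // GH_ENTERPRISE_TOKEN, "" if unset
	ghesHosts       map[string]string // known GHES hostnames -> their tokens
}

// vulnerableNormalizeHost reproduces the flawed behaviour in the bug: every
// *.github.com subdomain collapses to "github.com", so the GitHub Pages site
// tuf-repo.github.com is indistinguishable from the API host.
func vulnerableNormalizeHost(host string) string {
	host = strings.ToLower(host)
	if host == "github.com" || strings.HasSuffix(host, ".github.com") {
		return "github.com"
	}
	return host
}

// fixedNormalizeHost folds only an assumed allowlist of API hostnames;
// any other *.github.com name stays a distinct host.
func fixedNormalizeHost(host string) string {
	host = strings.ToLower(host)
	if host == "api.github.com" {
		return "github.com"
	}
	return host
}

// vulnerableTokenFor mirrors the resolver in the bug: github.com and known
// GHES hosts get their own token, everything else gets GH_ENTERPRISE_TOKEN.
func (s tokenStore) vulnerableTokenFor(host string) string {
	h := vulnerableNormalizeHost(host)
	if h == "github.com" {
		return s.githubToken
	}
	if t, ok := s.ghesHosts[h]; ok {
		return t
	}
	return s.enterpriseToken // reaches sigstore, blob storage, anything
}

// fixedTokenFor attaches a token only to github.com or an explicitly
// configured GHES host; an unknown host gets nothing, never a fallback.
func (s tokenStore) fixedTokenFor(host string) string {
	h := fixedNormalizeHost(host)
	if h == "github.com" {
		return s.githubToken
	}
	if t, ok := s.ghesHosts[h]; ok {
		return t
	}
	return ""
}

// authTransport is the shared-authenticated-client pattern: one resolver
// decides the token for every request that passes through it.
type authTransport struct {
	tokenFor func(host string) string
	next     http.RoundTripper
}

func (a authTransport) RoundTrip(req *http.Request) (*http.Response, error) {
	req = req.Clone(req.Context())
	if tok := a.tokenFor(req.URL.Hostname()); tok != "" {
		req.Header.Set("Authorization", "token "+tok) // header shape assumed
	}
	return a.next.RoundTrip(req)
}

// recorder stands in for the network: it captures the Authorization header
// that would have been sent and answers with an empty 200.
type recorder struct{ authHeader string }

func (r *recorder) RoundTrip(req *http.Request) (*http.Response, error) {
	r.authHeader = req.Header.Get("Authorization")
	return &http.Response{StatusCode: 200, Header: http.Header{}, Body: http.NoBody, Request: req}, nil
}

// AuthHeaderSentTo issues a GET for rawURL through an authTransport built on
// tokenFor and returns the Authorization header that reached the "network".
func AuthHeaderSentTo(tokenFor func(string) string, rawURL string) string {
	rec := &recorder{}
	client := &http.Client{Transport: authTransport{tokenFor: tokenFor, next: rec}}
	resp, err := client.Get(rawURL)
	if err != nil {
		return "error: " + err.Error()
	}
	resp.Body.Close()
	return rec.authHeader
}

func main() {
	s := tokenStore{
		githubToken:     "ghp_EXAMPLE_GITHUB",
		enterpriseToken: "ghe_EXAMPLE_ENTERPRISE",
		ghesHosts:       map[string]string{"ghe.example.internal": "ghe_EXAMPLE_INTERNAL"},
	}
	// Hosts the verify commands contact per the bug; the blob URL is a placeholder.
	for _, u := range []string{
		"https://api.github.com/repos/cli/cli/attestations/sha256:00",
		"https://tuf-repo.github.com/metadata/root.json",
		"https://tuf-repo-cdn.sigstore.dev/root.json",
		"https://example.blob.core.windows.net/bundles/x.jsonl",
	} {
		fmt.Printf("%-58s vulnerable=%q fixed=%q\n", u,
			AuthHeaderSentTo(s.vulnerableTokenFor, u), AuthHeaderSentTo(s.fixedTokenFor, u))
	}
}
```

Running it shows the github.com token leaving for tuf-repo.github.com and the enterprise token leaving for sigstore and blob storage under the vulnerable resolver, while the fixed resolver sends a header only to api.github.com and the configured GHES host. The resolver-level fix is a defence in depth; the more robust design, and the one the description points at, is to not route TUF and bundle fetches through the authenticated client at all.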