AL26-013 Security incident impacting GitHub internal repositories
On May 18, 2026, GitHub detected unauthorized access to its internal systems originating from a compromised employee device. The intrusion was facilitated by a maliciously modified version of the Nx Console Visual Studio Code extension (version 18.95.0).
The attacker successfully exfiltrated approximately 3,800 internal GitHub repositories, containing proprietary source code and internal configuration data.
GitHub Enterprise Server customers are advised to follow vendors recommendations. No action is required for GitHub Enterprise Cloud clients.