{"data":{"id":"b0c336b9-9775-4595-863c-7e68b0863af2","title":"'GitLost' Flaw Leaks Private Data From GitHub's Agentic Workflows","summary":"A flaw called 'GitLost' in GitHub's agentic workflows (AI systems that automatically perform tasks) allows an attacker to create a fake issue in a public repository and use it to secretly access data from private repositories without needing to log in. This means private data can be leaked even though the attacker never had official access to those repositories.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://www.darkreading.com/cyber-risk/gitlost-leaks-private-data-github-agentic-workflows","publishedAt":"2026-07-07T15:24:30.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["data_extraction"],"issueType":"news","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["GitHub"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-07-07T15:24:30.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}