'GitLost' Flaw Leaks Private Data From GitHub's Agentic Workflows
Summary
A flaw called 'GitLost' in GitHub's agentic workflows (AI systems that automatically perform tasks) allows an attacker to create a fake issue in a public repository and use it to secretly access data from private repositories without needing to log in. This means private data can be leaked even though the attacker never had official access to those repositories.
Classification
Affected Vendors
Related Issues
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
CVE-2025-54868: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint
Original source: https://www.darkreading.com/cyber-risk/gitlost-leaks-private-data-github-agentic-workflows
First tracked: July 7, 2026 at 02:01 PM
Classified by LLM (prompt v3) · confidence: 85%