Several security issues were fixed in GitHub CLI.. ========================================================================== Ubuntu Security Notice USN-8012-1 February 04, 2026 gh vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS Summary: Several security issues were fixed in GitHub CLI. Software Description: - gh: GitHub for the terminal Details: It was discovered that GitHub CLI could behave unexpectedly if users downloaded a malicious GitHub Actions workflow artifact through gh run download. An attacker could possibly use this issue to create or overwrite files in unintended directories. (CVE-2024-54132) It was discovered that GitHub CLI could behave unexpectedly when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. An attacker could possibly use this issue to gather authentication tokens. (CVE-2024-53858) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS gh 2.45.0-1ubuntu0.3+esm2 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8012-1 CVE-2024-53858, CVE-2024-54132 . Security issues in GitHub CLI fixed for Ubuntu 24.04 LTS including file overwrite and token theft risks.. GitHub CLI security, Ubuntu 24.04, security update, command line tools, system vulnerabilities. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.