[USN-8012-1] GitHub CLI vulnerabilities
Posted on 04 February 2026
==========================================================================
Ubuntu Security Notice USN-8012-1
February 04, 2026

gh vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in GitHub CLI.

Software Description:
- gh: GitHub for the terminal

Details:

It was discovered that GitHub CLI could behave unexpectedly if users
downloaded a malicious GitHub Actions workflow artifact through gh run
download. An attacker could possibly use this issue to create or overwrite
files in unintended directories. (CVE-2024-54132)

It was discovered that GitHub CLI could behave unexpectedly when cloning
repositories containing git submodules hosted outside of GitHub.com and
ghe.com. An attacker could possibly use this issue to gather authentication
tokens. (CVE-2024-53858)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  gh                              2.45.0-1ubuntu0.3+esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.
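
One way to confirm that a host has the fix, as an added example that is not part of the original notice: the functions below compare the installed gh package against the fixed version listed above using dpkg's own version ordering. The function names are hypothetical, and the check assumes it runs on an Ubuntu 24.04 LTS host with dpkg available.

```shell
#!/bin/sh
# Added example (not from the notice): check the installed gh package
# against the fixed version USN-8012-1 lists for Ubuntu 24.04 LTS.

FIXED_VERSION='2.45.0-1ubuntu0.3+esm2'   # taken from the notice

# gh_is_patched VERSION
# Exit 0 if VERSION sorts at or above the fixed version under Debian
# version ordering (so "+esm2" sorts above "+esm1" and above no suffix).
gh_is_patched() {
    dpkg --compare-versions "$1" ge "$FIXED_VERSION"
}

# installed_gh_version
# Print the version of gh only if the package is fully installed;
# print nothing if it is absent or only has leftover config files.
installed_gh_version() {
    dpkg-query -W -f='${db:Status-Status} ${Version}\n' gh 2>/dev/null |
        awk '$1 == "installed" { print $2 }'
}

# check_gh
# Print a verdict. Return 0 if gh is absent or patched, 1 if an update
# is still needed.
check_gh() {
    ver=$(installed_gh_version)
    if [ -z "$ver" ]; then
        echo "gh is not installed"
        return 0
    fi
    if gh_is_patched "$ver"; then
        echo "gh $ver: at or above $FIXED_VERSION"
        return 0
    fi
    echo "gh $ver: below $FIXED_VERSION, update needed"
    return 1
}
```

Source the file and call check_gh; its exit status can gate a compliance or patch-verification job.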

References:
  https://ubuntu.com/security/notices/USN-8012-1
  CVE-2024-53858, CVE-2024-54132
