CamoLeak CVE-2025-59145 (CVSS 9.6): Copilot Chat Silently Exfiltrates Secrets
CamoLeak (CVE-2025-59145, CVSS score 9.6) is a critical vulnerability that enables silent exfiltration of secrets and source code from private GitHub repositories via GitHub Copilot Chat. The AI Corner has catalogued the vulnerability as the AI coding industry's closest equivalent to a SolarWinds-style supply chain attack, one that affects any team using Copilot Chat in private repos. No patch confirmation has been independently verified at the time of publication.
Why It Matters
Any organisation using GitHub Copilot Chat on private repositories should treat this as an item for immediate threat-surface review. The combination of AI code generation with silent credential exfiltration is exactly the risk vector Experian flagged this week when predicting agentic AI as the leading 2026 breach vector.