Security News

Cybersecurity news aggregator

MEDIUM Vulnerabilities Ubuntu Security

USN-8012-1: GitHub CLI vulnerabilities

  • What: GitHub CLI has two vulnerabilities that could allow file overwrites or authentication token exposure.
  • Impact: Attackers could overwrite files in unintended directories or gather authentication tokens by exploiting malicious GitHub Actions workflows or repositories with git submodules.
  • CVE: CVE-2024-54132, CVE-2024-53858

Publication date: 4 February 2026

Overview

Several security issues were fixed in GitHub CLI.

Releases

  • 24.04 LTS

Packages

  • gh - GitHub for the terminal

Details

It was discovered that GitHub CLI could behave unexpectedly if users downloaded a malicious GitHub Actions workflow artifact through gh run download. An attacker could possibly use this issue to create or overwrite files in unintended directories. (CVE-2024-54132)

It was discovered that GitHub CLI could behave unexpectedly when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. An attacker could possibly use this issue to gather authentication tokens. (CVE-2024-53858)

Update instructions

In general, a standard system update will make all the necessary changes.

The problem can be corrected by updating your system to the following package versions:

  • Ubuntu 24.04 LTS (noble): gh – 2.45.0-1ubuntu0.3+esm2

References

  • CVE-2024-54132
  • CVE-2024-53858
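To check collected package inventories against the fixed version above, the following added example (not part of the notice or of any Ubuntu tooling) implements Debian version ordering in Python, since plain string comparison mis-sorts suffixes such as `+esm10` and `~rc1`. The function names and the sample inventory are assumptions made for illustration; on a live host, `dpkg --compare-versions` remains the authoritative comparison.

```python
import re
from itertools import zip_longest

# Fixed version for Ubuntu 24.04 LTS (noble), as stated in the notice.
FIXED_GH_NOBLE = "2.45.0-1ubuntu0.3+esm2"

def _weight(c):
    # dpkg ordering: '~' sorts before end-of-string (0), letters before other symbols.
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _chunks(part):
    # Alternating (non-digit run, number) pairs; the trailing 0 marks end-of-run.
    return [([_weight(c) for c in text] + [0], int(num or 0))
            for text, num in re.findall(r"(\D*)(\d*)", part)]

def _cmp_part(a, b):
    for x, y in zip_longest(_chunks(a), _chunks(b), fillvalue=([0], 0)):
        if x != y:
            return -1 if x < y else 1
    return 0

def _split(version):
    # [epoch:]upstream[-revision]; a missing epoch or revision counts as 0.
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "0")
    return int(epoch), upstream, revision

def deb_cmp(a, b):
    """Return -1, 0 or 1 as a is older than, equal to or newer than b."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def needs_update(installed, fixed=FIXED_GH_NOBLE):
    """True when the installed gh package is older than the fixed version."""
    return deb_cmp(installed, fixed) < 0

if __name__ == "__main__":
    # Constructed sample inventory (host, installed gh version); not from the notice.
    inventory = [("build-01", "2.45.0-1ubuntu0.3"),
                 ("build-02", "2.45.0-1ubuntu0.3+esm2"),
                 ("dev-07", "2.45.0-1ubuntu0.3+esm10")]
    for host, version in inventory:
        print(host, version, "UPDATE" if needs_update(version) else "ok")
```

The installed version string for each host can be collected with `dpkg-query -W -f='${Version}' gh`.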
