CVE-2026-6874 is a DNS rebinding vulnerability in the ericc-ch copilot-api HTTP server (version 0.7.0 and earlier). The server does not validate the Host header of incoming HTTP requests and uses a permissive CORS policy (Access-Control-Allow-Origin: *), while binding to all network interfaces without hostname restrictions.

This allows an attacker to perform a DNS rebinding attack by tricking a victim's browser into sending requests to the local copilot-api server under the attacker's domain origin. Because the server accepts any Host header and allows any origin via CORS, the attacker can steal sensitive data such as the victim's Copilot Bearer token.

The attack involves the attacker controlling a domain with a DNS record that alternates between the attacker's IP and localhost (127.0.0.1). When the victim visits the attacker's webpage, JavaScript running there fetches the token from the local server and exfiltrates it to the attacker.

CVE-2026-6874 is a DNS rebinding vulnerability in the ericc-ch copilot-api HTTP server (version 0.7.0 and earlier). The server does not validate the Host header of incoming HTTP requests and uses a permissive CORS policy (Access-Control-Allow-Origin: *), while binding to all network interfaces without hostname restrictions.

An attacker can exploit this by registering a domain with a DNS record that initially points to the attacker’s server and then changes to resolve to localhost (127.0.0.1). When a victim visits the attacker-controlled webpage, the attacker’s JavaScript can send requests to the copilot-api server running on localhost, bypassing browser same-origin policies due to the permissive CORS and lack of Host header validation.

This allows the attacker to steal sensitive data such as the victim’s Copilot Bearer token in plaintext, which can then be used to access the GitHub Copilot API with the victim’s privileges.

This vulnerability can lead to the full theft of your Copilot Bearer token, which grants access to the GitHub Copilot API with your privileges.

An attacker can remotely exploit this by tricking you into visiting a malicious webpage, without needing local network access.

The stolen token can be abused to exhaust your Copilot premium request quota, potentially causing financial or service disruptions.

Additionally, the attack bypasses browser security policies, allowing cross-origin reads of sensitive API responses.

This vulnerability can be detected by testing if the ericc-ch copilot-api server accepts arbitrary Host headers without validation and if it exposes sensitive tokens via the /token endpoint.

A practical detection method is to use curl commands to send requests with manipulated Host headers to the server and observe if the token is returned.

• Use curl to send a request with an arbitrary Host header, for example: curl -H "Host: attacker.com" http://localhost:4141/token
• If the server responds with a token or sensitive data despite the Host header being unrecognized, it indicates the vulnerability.

Immediate mitigation steps include:

• Validate the Host header against a whitelist of allowed hostnames to prevent arbitrary Host header acceptance.
• Avoid using wildcard CORS policies; restrict Access-Control-Allow-Origin to trusted origins only.
• Bind the server explicitly to localhost or a specific hostname instead of all network interfaces.

This vulnerability allows a remote attacker to steal sensitive authentication tokens (Copilot Bearer tokens) from victims by bypassing browser security policies through DNS rebinding and permissive CORS settings.

The theft of such sensitive tokens can lead to unauthorized access to user data and services, which may result in violations of data protection regulations such as GDPR or HIPAA, especially if personal or protected health information is accessed or exposed.

Because the vulnerability enables exfiltration of sensitive authentication credentials without user consent or awareness, affected organizations could face compliance risks related to confidentiality, integrity, and unauthorized access controls mandated by these standards.

CVE-2026-6874 is a DNS rebinding vulnerability in the ericc-ch copilot-api HTTP server (version 0.7.0 and earlier). The server does not validate the Host header of incoming HTTP requests and uses a permissive CORS policy (Access-Control-Allow-Origin: *), while binding to all network interfaces without hostname restrictions.

This allows an attacker to perform a DNS rebinding attack by tricking a victim's browser into sending requests to the local copilot-api server under the attacker's domain. Because the server accepts any Host header and allows any origin via CORS, the attacker can steal sensitive data such as the victim's Copilot Bearer token.

The attack involves the attacker controlling a domain with DNS records that switch between the attacker's IP and localhost (127.0.0.1). When the victim visits the attacker's webpage, JavaScript running there fetches the token from the local server and exfiltrates it to the attacker.

This vulnerability can lead to the full theft of the victim's Copilot Bearer token, which grants access to the GitHub Copilot API with the victim's privileges.

An attacker can remotely exploit this vulnerability by simply having the victim visit a malicious webpage, without needing local network access.

The stolen token can be used to abuse the victim's Copilot premium request quota, potentially causing financial or resource exhaustion impacts.

Additionally, the vulnerability bypasses browser same-origin policies, allowing cross-origin reads of sensitive API responses.

This vulnerability can be detected by testing if the ericc-ch copilot-api server accepts arbitrary Host headers without validation and if it exposes sensitive tokens via the /token endpoint.

A practical detection method is to use curl to send requests with manipulated Host headers to the /token endpoint and observe if the token is returned regardless of the Host value.

• Use curl to test Host header validation: curl -H "Host: attacker.com" http://localhost:4141/token
• If the token is returned despite the Host header being set to an arbitrary domain, the vulnerability is present.

Immediate mitigation steps include validating the Host header against a whitelist of allowed hostnames to prevent arbitrary Host header acceptance.

Additionally, avoid using wildcard CORS policies by restricting Access-Control-Allow-Origin to trusted origins only.

Also, bind the server explicitly to localhost or a specific hostname instead of all network interfaces to reduce the attack surface.

CVE-2026-6874 is a DNS rebinding vulnerability in the ericc-ch copilot-api HTTP server (version 0.7.0 and earlier). The server does not validate the Host header of incoming HTTP requests and uses a permissive CORS policy (Access-Control-Allow-Origin: *), while binding to all network interfaces without hostname restrictions.

An attacker can exploit this by registering a domain with a short DNS TTL that initially points to the attacker's server and later resolves to localhost (127.0.0.1). When a victim visits the attacker's webpage, the victim's browser sends requests to the copilot-api server running locally, which accepts the requests due to lack of Host header validation.

This allows the attacker to steal sensitive data such as the victim's Copilot Bearer token in plaintext by bypassing the browser's same-origin policy through DNS rebinding and the permissive CORS policy.

This vulnerability can lead to the full theft of your Copilot Bearer token, which grants access to the GitHub Copilot API with your privileges.

An attacker can remotely exploit this by tricking you into visiting a malicious webpage, without needing local network access.

The attacker can then abuse your token to exhaust your Copilot premium request quota, potentially causing financial or service disruption impacts.

This vulnerability can be detected by testing whether the ericc-ch copilot-api server accepts arbitrary Host headers without validation and responds with sensitive token information.

A practical detection method is to use curl to send HTTP requests with manipulated Host headers to the /token endpoint and observe if the token is returned.

• Use curl with an arbitrary Host header, for example: curl -H "Host: attacker.com" http://localhost:4141/token
• If the server returns the token despite the Host header being manipulated, it indicates the vulnerability is present.

Immediate mitigation steps include validating the Host header against a whitelist of allowed hostnames to prevent arbitrary Host header acceptance.

Additionally, avoid using a wildcard CORS policy; restrict Access-Control-Allow-Origin to trusted origins only.

Also, bind the server explicitly to localhost or a specific hostname instead of all network interfaces to reduce the attack surface.

CVE-2026-6874 is a DNS rebinding vulnerability in the ericc-ch copilot-api HTTP server (version 0.7.0 and earlier). The server does not validate the Host header of incoming HTTP requests and uses a permissive CORS policy (Access-Control-Allow-Origin: *), while binding to all network interfaces without hostname restrictions.

This allows an attacker to perform a DNS rebinding attack where a victim visiting a malicious webpage can have their browser tricked into sending requests to the local copilot-api server. Because the server accepts any Host header and allows any origin via CORS, the attacker’s JavaScript can read sensitive data such as the victim’s Copilot Bearer token and exfiltrate it.

The attack works by the attacker controlling a domain that initially resolves to their server, then changes to resolve to localhost (127.0.0.1). The victim’s browser treats requests to this domain as same-origin, allowing the attacker to bypass browser security policies and steal authentication tokens.

This vulnerability can lead to full theft of your Copilot Bearer token, which grants access to the GitHub Copilot API with your privileges.

An attacker can remotely exploit this by tricking you into visiting a malicious webpage, without needing local network access.

The stolen token can be used to exhaust your Copilot premium request quota, potentially causing financial or service disruption.

Additionally, the vulnerability bypasses browser same-origin policies via DNS rebinding and permissive CORS, exposing sensitive authentication data to remote attackers.

This vulnerability can be detected by testing if the ericc-ch copilot-api server accepts arbitrary Host headers without validation and responds with sensitive tokens.

A practical detection method is to use curl to send HTTP requests with manipulated Host headers to the /token endpoint and observe if the token is returned.

• Use curl with an arbitrary Host header, for example: curl -H "Host: attacker.com" http://localhost:4141/token
• If the server responds with a token despite the Host header being unrecognized, it indicates the vulnerability.

Immediate mitigation steps include validating the Host header against a whitelist of allowed hostnames to prevent arbitrary Host header acceptance.

Additionally, avoid using wildcard CORS policies; restrict Access-Control-Allow-Origin to trusted origins only.

Bind the server explicitly to localhost or a specific hostname rather than all network interfaces to reduce exposure.

CVE-2026-6874 is a DNS rebinding vulnerability in the ericc-ch copilot-api HTTP server (version 0.7.0 and earlier). The server does not validate the Host header of incoming HTTP requests and uses a permissive CORS policy (Access-Control-Allow-Origin: *), while binding to all network interfaces without hostname restrictions.

An attacker can exploit this by registering a domain with a DNS record that alternates between the attacker's IP and localhost (127.0.0.1). When a victim visits the attacker's webpage, the victim's browser is tricked into sending requests to the local copilot-api server under the attacker's domain origin. Because the server accepts any Host header and allows any origin via CORS, the attacker’s JavaScript can read sensitive data such as the victim’s Copilot Bearer token and exfiltrate it.

This attack bypasses browser same-origin policies, allowing remote attackers to steal authentication tokens and potentially abuse the victim’s GitHub Copilot API privileges.

This vulnerability can lead to the full theft of your Copilot Bearer token, which grants access to the GitHub Copilot API with your privileges.

An attacker can remotely exploit this by tricking you into visiting a malicious webpage, without needing local network access.

With the stolen token, the attacker can exhaust your Copilot premium request quota, potentially causing financial or service disruption impacts.

Additionally, the vulnerability allows bypassing browser security policies, exposing sensitive API responses to unauthorized parties.

This vulnerability can be detected by testing if the ericc-ch copilot-api server accepts arbitrary Host headers without validation and if it exposes sensitive tokens via the /token endpoint.

A practical detection method is to use curl commands with manipulated Host headers to see if the server responds with sensitive token information.

• Use curl to send a request with an arbitrary Host header, for example: curl -H "Host: attacker.com" http://localhost:4141/token
• If the server returns the Copilot Bearer token or other sensitive data despite the Host header being unrecognized, it indicates the vulnerability.

Immediate mitigation steps include restricting and validating the Host header, limiting CORS policies, and binding the server to specific interfaces.

• Validate the Host header against a whitelist of allowed hostnames to prevent arbitrary Host header acceptance.
• Avoid using wildcard CORS policies (Access-Control-Allow-Origin: *); instead, restrict CORS to trusted origins only.
• Bind the copilot-api server explicitly to localhost or a specific hostname rather than all network interfaces.

This vulnerability can be detected by testing if the ericc-ch copilot-api server accepts arbitrary Host headers without validation and if it exposes sensitive tokens via the /token endpoint.

A practical detection method is to use curl to send HTTP requests with manipulated Host headers to the server and observe if the token is returned regardless of the Host value.

• Use curl to test Host header acceptance: curl -H "Host: attacker.com" http://localhost:4141/token
• Check if the server responds with sensitive token data despite the Host header being set to an arbitrary domain.

Immediate mitigation steps include validating the Host header against a whitelist of allowed hostnames to prevent arbitrary Host header acceptance.

Additionally, avoid using wildcard CORS policies by restricting Access-Control-Allow-Origin to trusted origins only.

Bind the server explicitly to localhost or a specific hostname instead of all network interfaces to reduce the attack surface.

CVE-2026-6874 is a DNS rebinding vulnerability in the ericc-ch copilot-api HTTP server (version 0.7.0 and earlier). The server does not validate the Host header of incoming HTTP requests and uses a permissive CORS policy (Access-Control-Allow-Origin: *), while binding to all network interfaces without hostname restrictions.

An attacker can exploit this by registering a domain with a DNS record that alternates between the attacker's server IP and localhost (127.0.0.1). When a victim visits the attacker's webpage, the victim's browser is tricked into sending requests to the local copilot-api server under the attacker's domain origin.

Because the server accepts any Host header and allows any origin via CORS, the attacker’s JavaScript can read sensitive data such as the victim’s Copilot Bearer token from the local server and exfiltrate it to the attacker’s server.

This vulnerability can lead to the full theft of the victim’s Copilot Bearer token, which grants access to the GitHub Copilot API with the victim’s privileges.

An attacker can remotely exploit this by tricking a victim into visiting a malicious webpage, without needing local network access.

The attacker can abuse the stolen token to exhaust the victim’s Copilot premium request quota or perform unauthorized actions using the victim’s API access.

This vulnerability can be detected by testing if the ericc-ch copilot-api server accepts arbitrary Host headers without validation and responds with sensitive data such as the Copilot Bearer token.

A practical detection method is to use curl to send HTTP requests with manipulated Host headers to the /token endpoint and observe if the token is returned.

• Use curl with an arbitrary Host header, for example: curl -H "Host: attacker.com" http://localhost:4141/token
• If the server returns the token despite the Host header being unrecognized, it indicates the vulnerability.

Immediate mitigation steps include validating the Host header against a whitelist of allowed hostnames to prevent acceptance of arbitrary Host values.

Additionally, avoid using wildcard CORS policies; restrict Access-Control-Allow-Origin headers to trusted origins only.

Also, bind the server explicitly to localhost or a specific hostname instead of all network interfaces to reduce the attack surface.

CVE-2026-6874 is a DNS rebinding vulnerability in the ericc-ch copilot-api HTTP server (version 0.7.0 and earlier). The server does not validate the Host header of incoming HTTP requests and uses a permissive CORS policy (Access-Control-Allow-Origin: *), while binding to all network interfaces without hostname restrictions.

This allows an attacker to perform a DNS rebinding attack where a victim visiting a malicious webpage can be tricked into sending requests to the local copilot-api server. Because the server accepts any Host header and allows any origin via CORS, the attacker’s JavaScript can read sensitive data such as the victim’s Copilot Bearer token from the local server and exfiltrate it.

The vulnerability arises from no Host header validation, a wildcard CORS policy, and binding to all interfaces, enabling remote attackers to bypass browser same-origin policies and steal authentication tokens.

This vulnerability can lead to full theft of the victim’s Copilot Bearer token, which grants access to the GitHub Copilot API with the victim’s privileges.

• Unauthorized access to the victim’s Copilot API resources.
• Exfiltration of sensitive authentication tokens via DNS rebinding and CORS bypass.
• Potential exhaustion of the victim’s Copilot premium request quota by attackers abusing the stolen token.
• Remote exploitation requiring only that the victim visits a malicious webpage, no local network access needed.

This vulnerability can be detected by testing if the ericc-ch copilot-api server accepts arbitrary Host headers without validation and if it uses a permissive CORS policy.

A practical detection method is to use curl to send HTTP requests with manipulated Host headers to the /token endpoint and observe if the server returns sensitive tokens.

• Use curl to test Host header validation: curl -H "Host: attacker.com" http://localhost:4141/token
• Check if the server responds with sensitive token data despite the Host header being arbitrary.

Immediate mitigation steps include validating the Host header against a whitelist of allowed hostnames to prevent arbitrary Host header acceptance.

Avoid using wildcard CORS policies by restricting Access-Control-Allow-Origin to trusted origins only.

Bind the server explicitly to localhost or a specific hostname instead of all network interfaces to reduce exposure.

This vulnerability can be detected by testing if the ericc-ch copilot-api server accepts arbitrary Host headers without validation and if it exposes sensitive tokens via the /token endpoint.

A practical detection method is to use curl to send HTTP requests with manipulated Host headers to the server and observe if the token is returned regardless of the Host value.

• Use curl with an arbitrary Host header to test the /token endpoint, for example: curl -H "Host: attacker.com" http://localhost:4141/token
• Check if the server responds with the Copilot Bearer token or sensitive data despite the Host header being set to an untrusted domain.

CVE-2026-6874 is a DNS rebinding vulnerability in the ericc-ch copilot-api HTTP server (version 0.7.0 and earlier). The server does not validate the Host header of incoming HTTP requests and uses a permissive CORS policy that allows any origin to access its responses. Additionally, it binds to all network interfaces without hostname restrictions.

An attacker can exploit this by registering a domain with a DNS record that alternates between the attacker's server IP and localhost (127.0.0.1). When a victim visits the attacker-controlled webpage, the victim's browser is tricked into sending requests to the copilot-api server running locally, bypassing same-origin policy protections.

Because the server accepts any Host header and allows cross-origin requests, the attacker can retrieve sensitive data such as the victim's Copilot Bearer token in plaintext. This token can then be exfiltrated to the attacker’s server, enabling unauthorized access to the victim’s GitHub Copilot API privileges.

This vulnerability can lead to the full theft of your Copilot Bearer token, which grants access to your GitHub Copilot API privileges.

• Unauthorized access to your Copilot API using your token.
• Exhaustion of your Copilot premium request quota by attackers abusing the stolen token.
• Bypassing browser same-origin policy protections, allowing remote attackers to read sensitive API responses from your local services.
• Remote exploitation requiring only that you visit a malicious webpage, with no need for local network access.

Immediate mitigation steps include validating the Host header against a whitelist of allowed hostnames to prevent arbitrary Host values.

Avoid using a wildcard CORS policy; instead, restrict Access-Control-Allow-Origin to trusted origins only.

Bind the server explicitly to localhost or a specific hostname rather than all network interfaces to reduce exposure.

CVE-2026-6874 is a DNS rebinding vulnerability in the ericc-ch copilot-api HTTP server (version 0.7.0 and earlier). The server does not validate the Host header of incoming HTTP requests and uses a permissive CORS policy (Access-Control-Allow-Origin: *), while binding to all network interfaces without hostname restrictions.

An attacker can exploit this by controlling a domain with a DNS record that alternates between the attacker's IP and localhost (127.0.0.1). When a victim visits the attacker's webpage, the victim's browser is tricked into sending requests to the local copilot-api server under the attacker's domain origin.

Because the server accepts any Host header and allows any origin via CORS, the attacker’s JavaScript can read sensitive data such as the victim’s Copilot Bearer token from the local server and exfiltrate it to the attacker’s server.

This vulnerability can lead to full theft of the victim’s Copilot Bearer token, which grants access to the GitHub Copilot API with the victim’s privileges.

An attacker can remotely exploit this by tricking a victim into visiting a malicious webpage, without needing local network access.

The stolen token can be used to abuse the victim’s Copilot premium request quota, potentially causing financial or resource exhaustion impacts.

Additionally, the vulnerability bypasses browser same-origin policies via DNS rebinding and permissive CORS, allowing unauthorized cross-origin access to sensitive API responses.

This vulnerability can be detected by testing if the ericc-ch copilot-api server accepts arbitrary Host headers without validation and if it exposes sensitive tokens via the /token endpoint.

A practical detection method is to use curl to send HTTP requests with manipulated Host headers to the server and observe if the token is returned.

• Use curl with an arbitrary Host header to test the /token endpoint, for example: curl -H "Host: attacker.com" http://localhost:4141/token
• Check if the server responds with sensitive token information despite the Host header being manipulated.

Immediate mitigation steps include validating the Host header against a whitelist of allowed hostnames to prevent arbitrary Host header acceptance.

Avoid using wildcard CORS policies; instead, restrict Access-Control-Allow-Origin to trusted origins only.

Bind the server explicitly to localhost or a specific hostname rather than all network interfaces to limit exposure.

CVE-2026-6874 is a DNS rebinding vulnerability in the ericc-ch copilot-api HTTP server (version 0.7.0 and earlier). The vulnerability occurs because the server does not validate the Host header of incoming HTTP requests and uses a permissive CORS policy (Access-Control-Allow-Origin: *), while binding to all network interfaces without hostname restrictions.

An attacker can exploit this by registering a domain with a DNS record that initially points to the attacker's server and then changes to resolve to localhost (127.0.0.1). When a victim visits the attacker-controlled webpage, the victim's browser sends requests to the copilot-api server running on localhost, trusting the domain as same-origin due to DNS rebinding.

Because the server accepts any Host header and allows any origin via CORS, the attacker’s JavaScript can retrieve sensitive data such as the Copilot Bearer token from the victim’s local server and exfiltrate it to the attacker’s server.

This vulnerability can lead to the full theft of the victim’s Copilot Bearer token, which grants access to the GitHub Copilot API with the victim’s privileges.

An attacker can remotely exploit this by tricking a victim into visiting a malicious webpage, without needing local network access.

The attacker can then abuse the stolen token to exhaust the victim’s Copilot premium request quota or perform unauthorized actions using the victim’s API access.

Additionally, the vulnerability bypasses browser same-origin policies via DNS rebinding and permissive CORS, allowing cross-origin reads of sensitive API responses.

This vulnerability can be detected by testing if the ericc-ch copilot-api server accepts arbitrary Host headers without validation and if it exposes sensitive tokens via the /token endpoint.

A practical detection method is to use curl to send HTTP requests with manipulated Host headers to the server and observe if the token is returned regardless of the Host value.

• Use curl to test Host header validation: curl -H "Host: attacker.com" http://localhost:4141/token
• Check if the server responds with sensitive token data despite the Host header being set to an arbitrary domain.

Immediate mitigation steps include validating the Host header against a whitelist of allowed hostnames to prevent arbitrary Host header acceptance.

Additionally, avoid using wildcard CORS policies by restricting Access-Control-Allow-Origin to trusted origins only.

Bind the server explicitly to localhost or a specific hostname instead of all network interfaces to reduce the attack surface.

CVE-2026-6874 is a DNS rebinding vulnerability in the ericc-ch copilot-api HTTP server (version 0.7.0 and earlier). The server does not validate the Host header of incoming HTTP requests and uses a permissive CORS policy allowing any origin to access its responses. Additionally, it binds to all network interfaces without hostname restrictions.

An attacker can exploit this by registering a domain with a DNS record that initially points to the attacker's server and then changes to resolve to localhost (127.0.0.1). When a victim visits the attacker-controlled webpage, the browser trusts the domain as same-origin and sends requests to the copilot-api server running locally. Because the server accepts any Host header and allows any origin via CORS, the attacker’s JavaScript can retrieve sensitive data such as the victim’s Copilot Bearer token and exfiltrate it.

This vulnerability can lead to the full theft of the victim’s Copilot Bearer token, which grants access to the GitHub Copilot API with the victim’s privileges.

An attacker can bypass browser same-origin policies using DNS rebinding and the permissive CORS policy to read sensitive API responses remotely.

The attacker can abuse the stolen token to exhaust the victim’s Copilot premium request quota, potentially causing financial or service disruption impacts.

This vulnerability can be detected by testing if the ericc-ch copilot-api server accepts arbitrary Host headers without validation and if it exposes sensitive tokens via the /token endpoint.

A practical detection method is to use curl to send requests with manipulated Host headers to the /token endpoint and observe if the token is returned regardless of the Host value.

• Use curl to test Host header validation: curl -H "Host: attacker.com" http://localhost:4141/token
• Check if the server responds with sensitive token data despite the Host header being set to an arbitrary domain.

Immediate mitigation steps include validating the Host header against a whitelist of allowed hostnames to prevent arbitrary Host header acceptance.

Additionally, avoid using wildcard CORS policies by restricting Access-Control-Allow-Origin to trusted origins only.

Bind the server explicitly to localhost or a specific hostname instead of all network interfaces to reduce the attack surface.

CVE-2026-6874 is a DNS rebinding vulnerability in the ericc-ch copilot-api HTTP server (version 0.7.0 and earlier). The server does not validate the Host header of incoming HTTP requests and uses a permissive CORS policy allowing any origin to access responses. Additionally, it binds to all network interfaces without hostname restrictions.

An attacker can exploit this by registering a domain with a short DNS TTL that initially points to their server and later resolves to localhost (127.0.0.1). When a victim visits the attacker’s webpage, the attacker’s JavaScript can send requests to the copilot-api server running on localhost, bypassing browser same-origin policies due to the permissive CORS and lack of Host header validation.

This allows the attacker to steal sensitive data such as the victim’s Copilot Bearer token in plaintext, which can then be used to access the GitHub Copilot API with the victim’s privileges.

This vulnerability can lead to the full theft of your Copilot Bearer token, which grants access to the GitHub Copilot API with your user privileges.

An attacker can remotely exploit this by tricking you into visiting a malicious webpage, without needing local network access.

The attacker can then use your stolen token to exhaust your Copilot premium request quota or perform unauthorized actions on your behalf.

CVE-2026-6874 is a DNS rebinding vulnerability in the ericc-ch copilot-api HTTP server (version 0.7.0 and earlier). The server does not validate the Host header of incoming HTTP requests and uses a permissive CORS policy (Access-Control-Allow-Origin: *), while binding to all network interfaces without hostname restrictions.

An attacker can exploit this by registering a domain with a DNS record that alternates between the attacker's server IP and localhost (127.0.0.1). When a victim visits the attacker's webpage, the victim's browser is tricked into sending requests to the local copilot-api server under the attacker's domain origin.

Because the server accepts any Host header and allows any origin via CORS, the attacker’s JavaScript can read sensitive data such as the victim’s Copilot Bearer token from the local server and exfiltrate it to the attacker’s server.

This vulnerability allows a remote attacker to steal the victim’s Copilot Bearer token, which grants access to the GitHub Copilot API with the victim’s privileges.

The attacker can bypass browser same-origin policies using DNS rebinding and a permissive CORS policy to read sensitive API responses from the victim’s local server.

With the stolen token, the attacker can abuse the victim’s Copilot premium request quota, potentially causing financial or resource exhaustion impacts.

This vulnerability can be detected by testing the server's response to HTTP requests with manipulated Host headers. Since the server does not validate the Host header, sending requests with arbitrary Host values will still return sensitive data such as the Copilot Bearer token.

A practical command to test this is using curl with a custom Host header to see if the /token endpoint returns sensitive information:

• curl -H "Host: attacker.com" http://<target-ip>:4141/token

If the server responds with token data despite the Host header being set to an untrusted domain, it confirms the vulnerability.

Immediate mitigation steps include:

• Validate the Host header against a whitelist of allowed hostnames to prevent accepting arbitrary Host values.
• Avoid using a wildcard CORS policy (Access-Control-Allow-Origin: *). Instead, restrict CORS to trusted origins only.
• Bind the server explicitly to localhost or a specific hostname rather than all network interfaces to limit exposure.

Immediate mitigation steps include validating the Host header against a whitelist of allowed hostnames to prevent arbitrary Host header acceptance.

Additionally, avoid using wildcard CORS policies by restricting Access-Control-Allow-Origin to trusted origins only.

Bind the server explicitly to localhost or a specific hostname instead of all network interfaces to reduce the attack surface.

CVE-2026-6874 is a DNS rebinding vulnerability in the ericc-ch copilot-api HTTP server (version 0.7.0 and earlier). The server does not validate the Host header of incoming HTTP requests and uses a permissive CORS policy (Access-Control-Allow-Origin: *), while binding to all network interfaces without hostname restrictions.

An attacker can exploit this by registering a domain with a DNS record that alternates between the attacker's IP and localhost (127.0.0.1). When a victim visits the attacker-controlled webpage, the victim's browser is tricked into sending requests to the local copilot-api server under the attacker's domain origin. Because the server accepts any Host header and allows any origin via CORS, the attacker can steal sensitive data such as the victim's Copilot Bearer token.

This token theft occurs because the server does not restrict Host headers, uses a wildcard CORS policy, and binds to all interfaces, enabling remote attackers to bypass browser same-origin policies and exfiltrate authentication tokens.

This vulnerability allows a remote attacker to steal your Copilot Bearer token, which grants access to the GitHub Copilot API with your privileges.

With the stolen token, the attacker can abuse your Copilot premium request quota, potentially causing financial loss or service disruption.

The attack bypasses browser security policies, meaning it only requires the victim to visit a malicious webpage; no local network access is needed.

This vulnerability can be detected by testing if the ericc-ch copilot-api server accepts arbitrary Host headers without validation and if it exposes sensitive tokens via the /token endpoint.

A practical detection method is to use curl commands to send requests with manipulated Host headers to the server and observe if the token is returned.

• Use curl to send a request with an arbitrary Host header, for example: curl -H "Host: attacker.com" http://localhost:4141/token
• If the server responds with a token or sensitive data despite the Host header being manipulated, it indicates the vulnerability.

Immediate mitigation steps include validating the Host header against a whitelist of allowed hostnames to prevent arbitrary Host header acceptance.

Additionally, avoid using wildcard CORS policies by restricting Access-Control-Allow-Origin to trusted origins only.

Also, configure the server to bind explicitly to localhost or a specific hostname instead of all network interfaces to reduce exposure.

CVE-2026-6874 is a DNS rebinding vulnerability in the ericc-ch copilot-api HTTP server (version 0.7.0 and earlier). The server does not validate the Host header of incoming HTTP requests and uses a permissive CORS policy (Access-Control-Allow-Origin: *), while binding to all network interfaces without hostname restrictions.

This allows an attacker to perform a DNS rebinding attack where a victim visiting a malicious webpage can have their browser tricked into sending requests to the local copilot-api server as if it were the attacker's domain. Because the server accepts any Host header and allows any origin via CORS, the attacker can steal sensitive data such as the victim's Copilot Bearer token.

The attack involves the attacker controlling a domain with DNS records that switch between the attacker's IP and localhost (127.0.0.1). The victim's browser treats requests to localhost as same-origin with the attacker domain, allowing the attacker to bypass browser security policies and exfiltrate tokens.

This vulnerability can lead to full theft of the victim's Copilot Bearer token, which grants access to the GitHub Copilot API with the victim's privileges.

An attacker can remotely exploit this by tricking a victim into visiting a malicious webpage, without needing local network access.

The stolen token can be used to abuse the victim's Copilot premium request quota, potentially causing financial or resource exhaustion impacts.

Overall, the vulnerability allows unauthorized API access and abuse of victim resources by bypassing browser same-origin policies and CORS restrictions.

This vulnerability can be detected by testing if the ericc-ch copilot-api server accepts arbitrary Host headers without validation and if it exposes sensitive tokens via the /token endpoint.

A practical detection method is to use curl commands to send requests with manipulated Host headers to the server and observe if the token is returned.

• Use curl to send a request with an arbitrary Host header, for example: curl -H "Host: attacker.com" http://localhost:4141/token
• If the server returns the token or sensitive data despite the Host header being unrecognized, it indicates the vulnerability.

Immediate mitigation steps include restricting and validating the Host header, limiting CORS policies, and binding the server to specific interfaces.

• Validate the Host header against a whitelist of allowed hostnames to prevent arbitrary Host header acceptance.
• Avoid using wildcard CORS policies (Access-Control-Allow-Origin: *); instead, restrict CORS to trusted origins only.
• Bind the copilot-api server explicitly to localhost or a specific hostname rather than all network interfaces.

Immediate mitigation steps include:

• Validate the Host header against a whitelist of allowed hostnames to prevent arbitrary Host header acceptance.
• Avoid using wildcard CORS policies; restrict Access-Control-Allow-Origin to trusted origins only.
• Bind the server explicitly to localhost or a specific hostname instead of all network interfaces.

CVE-2026-6874 is a DNS rebinding vulnerability in the ericc-ch copilot-api HTTP server (version 0.7.0 and earlier). The server does not validate the Host header of incoming HTTP requests and uses a permissive CORS policy (Access-Control-Allow-Origin: *), while binding to all network interfaces without hostname restrictions.

An attacker can exploit this by registering a domain with a short DNS TTL that initially points to their server, then changes to resolve to localhost (127.0.0.1). When a victim visits the attacker-controlled webpage, the victim's browser sends requests to the copilot-api server on localhost under the attacker's domain origin.

Because the server accepts any Host header and allows any origin via CORS, the attacker’s JavaScript running in the victim’s browser can read sensitive data such as the Copilot Bearer token from the /token endpoint and exfiltrate it to the attacker’s server.

This vulnerability allows a remote attacker to steal the victim’s Copilot Bearer token, which grants access to the GitHub Copilot API with the victim’s privileges.

• Unauthorized access to the victim’s Copilot API resources.
• Exhaustion of the victim’s Copilot premium request quota by abusing the stolen token.
• Bypassing browser same-origin policy protections via DNS rebinding and permissive CORS, leading to cross-origin data theft.

The attack requires only that the victim visits a malicious webpage; no local network access or user interaction beyond visiting the page is needed.

This vulnerability can be detected by testing if the ericc-ch copilot-api server accepts arbitrary Host headers without validation and responds with sensitive tokens.

A practical detection method is to use curl to send HTTP requests with manipulated Host headers to the /token endpoint and observe if the token is returned regardless of the Host value.

• Use curl with an arbitrary Host header, for example: curl -H "Host: attacker.com" http://localhost:4141/token
• If the server returns the token despite the Host header being set to an untrusted domain, the vulnerability is present.

CVE-2026-6874 is a DNS rebinding vulnerability in the ericc-ch copilot-api HTTP server (version 0.7.0 and earlier). The server does not validate the Host header of incoming HTTP requests and uses a permissive CORS policy (Access-Control-Allow-Origin: *), while binding to all network interfaces without hostname restrictions.

An attacker can exploit this by registering a domain with a short DNS TTL that initially points to their server, then changes to resolve to localhost (127.0.0.1). When a victim visits the attacker-controlled webpage, the victim's browser sends requests to the copilot-api server on localhost under the attacker's domain origin.

Because the server accepts any Host header and allows any origin via CORS, the attacker’s JavaScript running in the victim’s browser can access sensitive data such as the Copilot Bearer token from the /token endpoint and exfiltrate it to the attacker’s server.

This vulnerability allows a remote attacker to steal sensitive authentication tokens (Copilot Bearer tokens) from the victim’s local copilot-api server without requiring local network access.

• Full theft of the victim’s Copilot Bearer token, enabling unauthorized access to the GitHub Copilot API with the victim’s privileges.
• Bypassing browser same-origin policy through DNS rebinding and permissive CORS, allowing cross-origin reads of sensitive API responses.
• Potential abuse of the stolen token to exhaust the victim’s Copilot premium request quota, causing financial or service disruption impacts.

This vulnerability can be detected by testing if the ericc-ch copilot-api server accepts arbitrary Host headers without validation and if it exposes sensitive tokens via the /token endpoint.

A practical detection method is to use curl to send HTTP requests with manipulated Host headers to the /token endpoint and observe if the token is returned regardless of the Host header value.

• Use curl to test Host header validation: curl -H "Host: attacker.com" http://localhost:4141/token
• If the token is returned despite the Host header being set to an arbitrary domain, the vulnerability is present.

CVE-2026-6874 is a DNS rebinding vulnerability in the ericc-ch copilot-api HTTP server (version 0.7.0 and earlier). The server does not validate the Host header of incoming HTTP requests and uses a permissive CORS policy (Access-Control-Allow-Origin: *), while binding to all network interfaces without hostname restrictions.

An attacker can exploit this by registering a domain with a DNS record that alternates between the attacker's server IP and localhost (127.0.0.1). When a victim visits the attacker's webpage, the victim's browser is tricked into sending requests to the local copilot-api server under the attacker's domain origin.

Because the server accepts any Host header and allows any origin via CORS, the attacker’s JavaScript can read sensitive data such as the victim’s Copilot Bearer token from the local server and exfiltrate it to the attacker’s server.

This vulnerability allows a remote attacker to steal the victim’s Copilot Bearer token, which grants access to the GitHub Copilot API with the victim’s privileges.

The attacker can bypass browser same-origin policies using DNS rebinding and a permissive CORS policy to read sensitive API responses from the victim’s local server.

With the stolen token, the attacker can abuse the victim’s Copilot premium request quota, potentially causing financial or resource exhaustion impacts.

This vulnerability can be detected by testing if the ericc-ch copilot-api server accepts arbitrary Host headers without validation and responds with sensitive data such as the Copilot Bearer token.

A practical detection method is to use curl to send HTTP requests with manipulated Host headers to the /token endpoint and observe if the token is returned.

• Use curl with an arbitrary Host header to test the /token endpoint, for example: curl -H "Host: attacker.com" http://localhost:4141/token
• Check if the server responds with the token despite the Host header being set to an untrusted domain.

Immediate mitigation steps include validating the Host header against a whitelist of allowed hostnames to prevent acceptance of arbitrary Host values.

Avoid using wildcard CORS policies; instead, restrict Access-Control-Allow-Origin to trusted origins only.

Bind the server explicitly to localhost or a specific hostname rather than all network interfaces to limit exposure.

CVE-2026-6874 is a DNS rebinding vulnerability in the ericc-ch copilot-api HTTP server (version 0.7.0 and earlier). The server does not validate the Host header of incoming HTTP requests and uses a permissive CORS policy (Access-Control-Allow-Origin: *), while binding to all network interfaces without hostname restrictions.

This allows an attacker to manipulate the Host header and perform a DNS rebinding attack, where a victim visiting a malicious webpage can be tricked into sending requests to the local copilot-api server as if it were the attacker's domain. Because the server accepts any Host header and allows any origin via CORS, the attacker can steal sensitive data such as the victim's Copilot Bearer token.

The attack works by the attacker controlling a domain that initially resolves to their server, then changes to resolve to localhost (127.0.0.1). The victim's browser treats requests to localhost as same-origin with the attacker's domain, allowing the attacker’s JavaScript to access sensitive API responses and exfiltrate tokens.

This vulnerability can lead to the full theft of the victim's Copilot Bearer token, which grants access to the GitHub Copilot API with the victim's privileges.

An attacker can remotely exploit this by tricking a victim into visiting a malicious webpage, without needing local network access.

• Unauthorized access to the victim's Copilot API resources.
• Exfiltration of sensitive authentication tokens.
• Potential exhaustion of the victim's Copilot premium request quota by abusing the stolen token.

This vulnerability can be detected by testing if the ericc-ch copilot-api server accepts arbitrary Host headers without validation and if it exposes sensitive tokens via the /token endpoint.

A practical detection method is to use curl to send HTTP requests with manipulated Host headers to the /token endpoint and observe if the token is returned regardless of the Host value.

• Use curl with an arbitrary Host header, for example: curl -H "Host: attacker.com" http://localhost:4141/token
• If the server returns the token despite the Host header being set to an untrusted domain, it confirms the lack of Host header validation.

Immediate mitigation steps include:

• Validate the Host header against a whitelist of allowed hostnames to prevent arbitrary Host header acceptance.
• Avoid using wildcard CORS policies; restrict Access-Control-Allow-Origin to trusted origins only.
• Bind the server explicitly to localhost or a specific hostname instead of all network interfaces.

Immediate mitigation steps include validating the Host header against a whitelist of allowed hostnames to prevent arbitrary Host header acceptance.

Additionally, avoid using wildcard CORS policies; restrict Access-Control-Allow-Origin to trusted origins only.

Also, bind the server explicitly to localhost or a specific hostname instead of binding to all network interfaces.

CVE-2026-6874 is a DNS rebinding vulnerability in the ericc-ch copilot-api HTTP server (version 0.7.0 and earlier). The server does not validate the Host header of incoming HTTP requests and uses a permissive CORS policy (Access-Control-Allow-Origin: *), while binding to all network interfaces without hostname restrictions.

An attacker can exploit this by registering a domain with a DNS record that initially points to the attacker's server and then changes to resolve to localhost (127.0.0.1). When a victim visits the attacker-controlled webpage, the browser trusts the domain as same-origin and sends requests to the copilot-api server running locally. Because the server accepts any Host header and allows any origin via CORS, the attacker’s JavaScript can retrieve sensitive data such as the victim’s Copilot Bearer token and exfiltrate it.

This vulnerability allows a remote attacker to bypass browser security policies and steal authentication tokens from local services without requiring local network access.

The vulnerability can lead to full theft of the victim’s Copilot Bearer token, which grants access to the GitHub Copilot API with the victim’s privileges.

• Unauthorized access to the victim’s Copilot API resources.
• Exhaustion of the victim’s Copilot premium request quota by the attacker abusing the stolen token.
• Bypassing browser same-origin policies through DNS rebinding, enabling cross-origin reads of sensitive API responses.

Overall, this can lead to unauthorized use of the victim’s API privileges and potential abuse of their resources.

This vulnerability can be detected by testing if the ericc-ch copilot-api server accepts arbitrary Host headers without validation and if it exposes sensitive tokens via the /token endpoint.

A practical detection method is to use curl to send HTTP requests with manipulated Host headers to the server and observe if the token is returned.

• Use curl to send a request with an arbitrary Host header, for example: curl -H "Host: attacker.com" http://localhost:4141/token
• If the server responds with a token or sensitive data despite the Host header being unrecognized, it indicates the vulnerability.

CVE-2026-6874 is a DNS rebinding vulnerability in the ericc-ch copilot-api HTTP server (version 0.7.0 and earlier). The server does not validate the Host header of incoming HTTP requests and uses a permissive CORS policy (Access-Control-Allow-Origin: *), while binding to all network interfaces without hostname restrictions.

This allows an attacker to perform a DNS rebinding attack where a victim visiting a malicious webpage can be tricked into sending requests to the local copilot-api server. Because the server accepts any Host header and allows any origin via CORS, the attacker’s JavaScript running in the victim’s browser can read sensitive data such as the Copilot Bearer token from the local server and exfiltrate it.

The root cause is the lack of Host header validation, a wildcard CORS policy, and binding to all interfaces, which together enable the attacker to bypass browser same-origin policies and steal authentication tokens remotely.

This vulnerability can lead to the full theft of your Copilot Bearer token, which grants access to the GitHub Copilot API with your privileges.

An attacker can remotely exploit this by tricking you into visiting a malicious webpage, which then steals your token without needing local network access.

With the stolen token, the attacker can abuse your Copilot premium request quota, potentially causing financial loss or service disruption.

Overall, it compromises the confidentiality of your authentication credentials and allows unauthorized API access and resource abuse.

Immediate mitigation steps include restricting and validating the Host header, limiting CORS policies, and binding the server to specific interfaces.

• Validate the Host header against a whitelist of allowed hostnames to prevent arbitrary Host header acceptance.
• Avoid using wildcard CORS policies (Access-Control-Allow-Origin: *); instead, restrict CORS to trusted origins only.
• Bind the server explicitly to localhost or a specific hostname rather than all network interfaces to reduce exposure.

CVE-2026-6874 is a DNS rebinding vulnerability in the ericc-ch copilot-api HTTP server (version 0.7.0 and earlier). The server does not validate the Host header of incoming HTTP requests and uses a permissive CORS policy (Access-Control-Allow-Origin: *), while binding to all network interfaces without hostname restrictions.

An attacker can exploit this by registering a domain with a DNS record that initially points to the attacker's server and then changes to resolve to localhost (127.0.0.1). When a victim visits the attacker-controlled webpage, the victim's browser sends requests to the copilot-api server on localhost, which accepts the requests due to lack of Host header validation.

Because of the permissive CORS policy, the attacker’s JavaScript running in the victim’s browser can read sensitive data such as the Copilot Bearer token from the server and exfiltrate it to the attacker’s server.

This vulnerability allows a remote attacker to steal the victim’s Copilot Bearer token, which grants access to the GitHub Copilot API with the victim’s privileges.

The attacker can bypass browser same-origin policies using DNS rebinding and a permissive CORS policy to read sensitive API responses.

With the stolen token, the attacker can abuse the victim’s Copilot premium request quota, potentially causing financial or resource exhaustion impacts.

This vulnerability can be detected by testing if the ericc-ch copilot-api server accepts arbitrary Host headers without validation and if it exposes sensitive tokens via the /token endpoint.

A practical detection method is to use curl to send HTTP requests with manipulated Host headers to the /token endpoint and observe if the token is returned regardless of the Host value.

• Use curl with an arbitrary Host header, for example: curl -H "Host: attacker.com" http://localhost:4141/token
• If the server returns the token despite the Host header being set to an untrusted domain, it confirms the vulnerability.

Immediate mitigation steps include validating the Host header against a whitelist of allowed hostnames to prevent arbitrary Host header acceptance.

Additionally, avoid using a wildcard CORS policy; restrict Access-Control-Allow-Origin to trusted origins only.

Also, bind the server explicitly to localhost or a specific hostname instead of all network interfaces to reduce the attack surface.

CVE-2026-6874 is a DNS rebinding vulnerability in the ericc-ch copilot-api HTTP server (version 0.7.0 and earlier). The server does not validate the Host header of incoming HTTP requests and uses a permissive CORS policy (Access-Control-Allow-Origin: *), while binding to all network interfaces without hostname restrictions.

An attacker can exploit this by registering a domain with a DNS record that alternates between the attacker's server IP and localhost (127.0.0.1). When a victim visits the attacker's webpage, the victim's browser is tricked into sending requests to the local copilot-api server under the attacker's domain origin. Because the server accepts any Host header and allows any origin via CORS, the attacker’s JavaScript can read sensitive data such as the victim’s Copilot Bearer token and exfiltrate it.

This attack bypasses browser same-origin policies and can be performed remotely without local network access.

This vulnerability can lead to the full theft of the victim’s Copilot Bearer token, which grants access to the GitHub Copilot API with the victim’s privileges.

An attacker can abuse the stolen token to exhaust the victim’s Copilot premium request quota, potentially causing financial or service disruption.

Because the attack bypasses browser security policies remotely, it requires only that the victim visits a malicious webpage, making it a significant remote attack vector.

This vulnerability can be detected by testing if the ericc-ch copilot-api server accepts arbitrary Host headers without validation and responds with sensitive data such as the Copilot Bearer token.

A practical detection method is to use curl to send HTTP requests with manipulated Host headers to the /token endpoint and observe if the token is returned.

• Use curl with an arbitrary Host header to test the /token endpoint, for example: curl -H "Host: attacker.com" http://localhost:4141/token
• Check if the server responds with the token despite the Host header being set to an untrusted domain.

Immediate mitigation steps include validating the Host header against a whitelist of allowed hostnames to prevent arbitrary Host header acceptance.

Avoid using a wildcard CORS policy (Access-Control-Allow-Origin: *) and instead restrict it to trusted origins only.

Bind the server explicitly to localhost or a specific hostname rather than binding to all network interfaces.

CVE-2026-6874 is a DNS rebinding vulnerability in the ericc-ch copilot-api HTTP server (version 0.7.0 and earlier). The server does not validate the Host header of incoming HTTP requests and uses a permissive CORS policy (Access-Control-Allow-Origin: *), while binding to all network interfaces without hostname restrictions.

An attacker can exploit this by registering a domain with a DNS record that initially points to the attacker's server and then changes to 127.0.0.1 (localhost). When a victim visits the attacker's webpage, the victim's browser is tricked into sending requests to the local copilot-api server under the attacker's domain origin.

Because the server accepts any Host header and allows any origin via CORS, the attacker’s JavaScript can read sensitive data such as the victim’s Copilot Bearer token from the local server and exfiltrate it to the attacker’s server.

This vulnerability allows a remote attacker to steal the victim’s Copilot Bearer token, which grants access to the GitHub Copilot API with the victim’s privileges.

• Full theft of authentication tokens leading to unauthorized API access.
• Bypassing browser same-origin policy via DNS rebinding and permissive CORS, enabling cross-origin data theft.
• Potential exhaustion of the victim’s Copilot premium request quota by abusing the stolen token.
• Remote exploitation requiring only that the victim visits a malicious webpage, no local network access needed.

This vulnerability can be detected by testing if the ericc-ch copilot-api server accepts arbitrary Host headers without validation and responds with sensitive data such as the Copilot Bearer token.

A practical detection method is to use curl commands to send HTTP requests with manipulated Host headers to the /token endpoint and observe if the token is returned.

• Use curl to send a request with an arbitrary Host header, for example: curl -H "Host: attacker.com" http://localhost:4141/token
• If the server returns the token despite the Host header being manipulated, it confirms the vulnerability.

Immediate mitigation steps include validating the Host header against a whitelist of allowed hostnames to prevent arbitrary Host header acceptance.

Additionally, avoid using wildcard CORS policies by restricting Access-Control-Allow-Origin to trusted origins only.

Also, bind the server explicitly to localhost or a specific hostname instead of binding to all network interfaces.

CVE-2026-6874 is a DNS rebinding vulnerability in the ericc-ch copilot-api HTTP server (version 0.7.0 and earlier). The server does not validate the Host header of incoming HTTP requests and uses a permissive CORS policy (Access-Control-Allow-Origin: *), while binding to all network interfaces without hostname restrictions.

An attacker can exploit this by registering a domain with a short DNS TTL that initially points to the attacker’s server and later resolves to localhost (127.0.0.1). When a victim visits the attacker’s webpage, the attacker’s JavaScript can send requests to the copilot-api server running on localhost, bypassing same-origin policy due to the permissive CORS and lack of Host header validation.

This allows the attacker to steal sensitive data such as the victim’s Copilot Bearer token in plaintext, which can then be used to access the GitHub Copilot API with the victim’s privileges.

This vulnerability can lead to the full theft of your Copilot Bearer token, allowing an attacker to impersonate you and access the GitHub Copilot API with your privileges.

An attacker can remotely exploit this by tricking you into visiting a malicious webpage, without needing local network access.

The attacker can also exhaust your Copilot premium request quota by abusing the stolen token, potentially causing financial or service disruption impacts.

This vulnerability can be detected by testing the server's response to HTTP requests with manipulated Host headers. Since the server does not validate the Host header, sending requests with arbitrary Host values will still return sensitive tokens.

• Use curl to send requests with different Host headers to the /token endpoint and observe if the token is returned regardless of the Host value.
• Example command: curl -H "Host: attacker.com" http://localhost:4141/token

If the server returns the token despite the Host header being set to an untrusted domain, it confirms the vulnerability.

Immediate mitigation steps include:

• Validate the Host header against a whitelist of allowed hostnames to prevent accepting arbitrary Host values.
• Avoid using a wildcard CORS policy (Access-Control-Allow-Origin: *); instead, restrict it to trusted origins.
• Bind the server explicitly to localhost or a specific hostname rather than all network interfaces.

CVE-2026-6874 is a DNS rebinding vulnerability in the ericc-ch copilot-api HTTP server (version 0.7.0 and earlier). The vulnerability occurs because the server does not validate the Host header of incoming HTTP requests and uses a permissive CORS policy (Access-Control-Allow-Origin: *), while binding to all network interfaces without hostname restrictions.

An attacker can exploit this by registering a domain with a DNS record that alternates between the attacker's server IP and localhost (127.0.0.1). When a victim visits a malicious webpage controlled by the attacker, the victim's browser is tricked into sending requests to the local copilot-api server under the attacker's domain origin. Because the server accepts any Host header and allows any origin via CORS, the attacker can retrieve sensitive data such as the victim's Copilot Bearer token.

This token can then be exfiltrated by the attacker's JavaScript, bypassing browser same-origin policies, enabling unauthorized access to the victim's GitHub Copilot API privileges.

This vulnerability can lead to the full theft of the victim's Copilot Bearer token, which grants access to the GitHub Copilot API with the victim's privileges.

An attacker can remotely exploit this by tricking a victim into visiting a malicious webpage, without needing local network access.

• Unauthorized access to the victim's Copilot API resources.
• Exhaustion of the victim's Copilot premium request quota by abusing the stolen token.
• Bypassing browser security policies such as the same-origin policy via DNS rebinding and permissive CORS.

This vulnerability can be detected by testing whether the ericc-ch copilot-api server accepts arbitrary Host headers without validation and whether it exposes sensitive tokens via the /token endpoint.

A practical detection method is to use curl commands to send requests with manipulated Host headers to the server and observe if the token is returned.

• Use curl to send a request with an arbitrary Host header, for example: curl -H "Host: attacker.com" http://localhost:4141/token
• If the server returns the token despite the Host header being manipulated, it indicates the vulnerability.

Immediate mitigation steps include:

• Validate the Host header against a whitelist of allowed hostnames to prevent arbitrary Host header acceptance.
• Avoid using wildcard CORS policies; restrict Access-Control-Allow-Origin to trusted origins only.
• Bind the server explicitly to localhost or a specific hostname instead of all network interfaces.

CVE-2026-6874 is a DNS rebinding vulnerability in the ericc-ch copilot-api HTTP server (version 0.7.0 and earlier). The server does not validate the Host header of incoming HTTP requests and uses a permissive CORS policy (Access-Control-Allow-Origin: *), while binding to all network interfaces without hostname restrictions.

An attacker can exploit this by registering a domain with a short DNS TTL that initially points to the attacker's server and later resolves to localhost (127.0.0.1). When a victim visits the attacker's webpage, the browser trusts the domain as same-origin and sends requests to the copilot-api server running locally. Because the server accepts any Host header and allows any origin via CORS, the attacker’s JavaScript can retrieve sensitive data such as the victim’s Copilot Bearer token and exfiltrate it.

This vulnerability allows a remote attacker to bypass browser security policies and steal authentication tokens from local services without requiring local network access.

The vulnerability can lead to full theft of the victim’s Copilot Bearer token, which grants access to the GitHub Copilot API with the victim’s privileges.

An attacker can abuse the stolen token to exhaust the victim’s Copilot premium request quota, potentially causing financial or service disruption impacts.

Because the attack is fully remote and only requires the victim to visit a malicious webpage, it significantly increases the attack surface and risk of unauthorized access.

This vulnerability can be detected by testing if the ericc-ch copilot-api server accepts arbitrary Host headers without validation and if it exposes sensitive tokens via the /token endpoint.

A practical detection method is to use curl to send HTTP requests with manipulated Host headers to the server and observe if the token is returned regardless of the Host value.

• Use curl to test Host header validation: curl -H "Host: attacker.com" http://localhost:4141/token
• Check if the server responds with sensitive token data despite the Host header being set to an arbitrary domain.

Immediate mitigation steps include validating the Host header against a whitelist of allowed hostnames to prevent arbitrary Host header acceptance.

Additionally, avoid using wildcard CORS policies by restricting Access-Control-Allow-Origin to trusted origins only.

Bind the server explicitly to localhost or a specific hostname instead of all network interfaces to reduce the attack surface.

CVE-2026-6874 is a DNS rebinding vulnerability in the ericc-ch copilot-api HTTP server (version 0.7.0 and earlier). The server does not validate the Host header of incoming HTTP requests and uses a permissive CORS policy (Access-Control-Allow-Origin: *), while binding to all network interfaces without hostname restrictions.

An attacker can exploit this by registering a domain with a short DNS TTL that initially points to their server, then changes to resolve to localhost (127.0.0.1). When a victim visits the attacker-controlled webpage, the victim's browser sends requests to the copilot-api server on localhost under the attacker's domain origin.

Because the server accepts any Host header and allows any origin via CORS, the attacker’s JavaScript running in the victim’s browser can access sensitive data such as the Copilot Bearer token from the /token endpoint and exfiltrate it to the attacker’s server.

This vulnerability allows a remote attacker to steal the victim’s Copilot Bearer token, which grants access to the GitHub Copilot API with the victim’s privileges.

The attacker can bypass browser same-origin policies using DNS rebinding and a permissive CORS policy to read sensitive API responses.

With the stolen token, the attacker can abuse the victim’s Copilot premium request quota, potentially causing financial or resource exhaustion impacts.

This vulnerability can be detected by testing if the ericc-ch copilot-api server accepts arbitrary Host headers without validation and if it exposes sensitive tokens via the /token endpoint.

A practical detection method is to use curl commands to send requests with manipulated Host headers to the /token endpoint and observe if the token is returned regardless of the Host header value.

• Use curl to send a request with an arbitrary Host header, for example: curl -H "Host: attacker.com" http://localhost:4141/token
• If the server returns the token despite the Host header being manipulated, it indicates the vulnerability.

Immediate mitigation steps include:

• Validate the Host header against a whitelist of allowed hostnames to prevent arbitrary Host header acceptance.
• Avoid using wildcard CORS policies; restrict Access-Control-Allow-Origin to trusted origins only.
• Bind the server explicitly to localhost or a specific hostname instead of all network interfaces.

Immediate mitigation steps include implementing strict validation of the Host header against a whitelist of allowed hostnames to prevent arbitrary Host values.

Additionally, avoid using wildcard CORS policies by restricting Access-Control-Allow-Origin to trusted origins only.

Configure the server to bind explicitly to localhost or a specific hostname instead of all network interfaces to limit exposure.

CVE-2026-6874 is a DNS rebinding vulnerability in the ericc-ch copilot-api HTTP server (version 0.7.0 and earlier). The server does not validate the Host header of incoming HTTP requests and uses a permissive CORS policy (Access-Control-Allow-Origin: *), while binding to all network interfaces without hostname restrictions.

An attacker can exploit this by registering a domain with a DNS record that alternates between the attacker's IP and localhost (127.0.0.1). When a victim visits the attacker's webpage, the victim's browser is tricked into sending requests to the local copilot-api server under the attacker's domain origin.

Because the server accepts any Host header and allows any origin via CORS, the attacker’s JavaScript can read sensitive data such as the victim’s Copilot Bearer token from the local server and exfiltrate it to the attacker’s server.

This vulnerability can lead to the full theft of the victim’s Copilot Bearer token, which grants access to the GitHub Copilot API with the victim’s privileges.

An attacker can remotely exploit this by tricking a victim into visiting a malicious webpage, without needing local network access.

The stolen token can be used to abuse the victim’s Copilot premium request quota, potentially causing financial or resource exhaustion impacts.

Additionally, the attack bypasses browser same-origin policies, allowing cross-origin reads of sensitive API responses.

This vulnerability can be detected by testing if the ericc-ch copilot-api server accepts arbitrary Host headers without validation and if it exposes sensitive tokens via the /token endpoint.

A practical detection method is to use curl to send HTTP requests with manipulated Host headers to the /token endpoint and observe if the token is returned regardless of the Host value.

• Use curl with an arbitrary Host header to test the /token endpoint, for example: curl -H "Host: attacker.com" http://localhost:4141/token
• If the server returns the token despite the Host header being set to an untrusted domain, it confirms the lack of Host header validation.

This vulnerability can be detected by testing if the ericc-ch copilot-api server accepts arbitrary Host headers without validation and if it exposes sensitive tokens via the /token endpoint.

A practical detection method is to use curl to send HTTP requests with manipulated Host headers to the /token endpoint and observe if the token is returned regardless of the Host value.

• Use curl with an arbitrary Host header to test the /token endpoint, for example: curl -H "Host: attacker.com" http://localhost:4141/token
• If the server returns the token despite the Host header being manipulated, it indicates the vulnerability is present.

CVE-2026-6874 is a DNS rebinding vulnerability in the ericc-ch copilot-api HTTP server (version 0.7.0 and earlier). The server does not validate the Host header of incoming HTTP requests and uses a permissive CORS policy that allows any origin to access responses. Additionally, it binds to all network interfaces without hostname restrictions.

An attacker can exploit this by registering a domain with a DNS record that alternates between the attacker's server IP and localhost (127.0.0.1). When a victim visits the attacker-controlled webpage, the victim's browser is tricked into sending requests to the local copilot-api server under the attacker's domain origin. Because the server accepts any Host header and has a wildcard CORS policy, the attacker can retrieve sensitive data such as the victim's Copilot Bearer token.

This token can then be exfiltrated by the attacker's JavaScript, bypassing browser same-origin policies, allowing unauthorized access to the victim's GitHub Copilot API privileges.

This vulnerability can lead to the full theft of your Copilot Bearer token, which grants access to the GitHub Copilot API with your privileges.

• Unauthorized access to your Copilot API, potentially allowing attackers to use your account.
• Exhaustion of your Copilot premium request quota by attackers abusing the stolen token.
• Bypassing browser security policies (same-origin policy) through DNS rebinding, enabling remote attackers to access local services.
• Remote exploitation requiring only that you visit a malicious webpage, with no need for local network access.

Immediate mitigation steps include:

• Validate the Host header against a whitelist of allowed hostnames to prevent arbitrary Host header acceptance.
• Avoid using a wildcard CORS policy (Access-Control-Allow-Origin: *); instead, restrict CORS to trusted origins only.
• Bind the server explicitly to localhost or a specific hostname rather than binding to all network interfaces.

This vulnerability can be detected by testing if the ericc-ch copilot-api server accepts arbitrary Host headers without validation and if it exposes sensitive tokens via the /token endpoint.

A practical detection method is to use curl to send HTTP requests with manipulated Host headers to the /token endpoint and observe if the token is returned regardless of the Host value.

• Use curl with an arbitrary Host header, for example: curl -H "Host: attacker.com" http://localhost:4141/token
• If the server responds with a token despite the Host header being manipulated, it indicates the vulnerability.

This vulnerability can lead to the full theft of your Copilot Bearer token, which grants access to the GitHub Copilot API with your privileges.

An attacker can remotely exploit this by having you visit a malicious webpage, without needing local network access.

With the stolen token, the attacker can abuse your Copilot premium request quota, potentially causing financial or service disruption impacts.

Additionally, the vulnerability bypasses browser same-origin policies, allowing cross-origin reads of sensitive API responses.

This vulnerability can be detected by testing if the ericc-ch copilot-api server accepts arbitrary Host headers without validation and if it exposes sensitive tokens via the /token endpoint.

A practical detection method is to use curl to send HTTP requests with manipulated Host headers to the /token endpoint and observe if the token is returned regardless of the Host header value.

• Use curl to test Host header validation: curl -H "Host: attacker.com" http://localhost:4141/token
• If the token is returned despite the Host header being set to an arbitrary domain, the vulnerability is present.

Immediate mitigation steps include restricting and validating the Host header on incoming requests to only allow trusted hostnames.

Additionally, avoid using a wildcard CORS policy (Access-Control-Allow-Origin: *) and instead restrict it to trusted origins.

Also, bind the server explicitly to localhost or a specific hostname rather than all network interfaces to reduce the attack surface.

CVE-2026-6874 is a DNS rebinding vulnerability in the ericc-ch copilot-api HTTP server (version 0.7.0 and earlier). The server does not validate the Host header of incoming HTTP requests and uses a permissive CORS policy allowing any origin to access responses. Additionally, it binds to all network interfaces without hostname restrictions.

An attacker can exploit this by registering a domain with a short DNS TTL that initially points to their server, then changes to resolve to localhost (127.0.0.1). When a victim visits the attacker-controlled webpage, the victim's browser sends requests to the copilot-api server on localhost under the attacker's domain origin. Because the server accepts any Host header and allows any origin via CORS, the attacker’s JavaScript can read sensitive data such as the Copilot Bearer token and exfiltrate it.

This vulnerability can lead to full theft of the victim’s Copilot Bearer token, which grants access to the GitHub Copilot API with the victim’s privileges.

• Unauthorized access to the victim’s Copilot API account.
• Exhaustion of the victim’s Copilot premium request quota by the attacker abusing the stolen token.
• Bypassing browser same-origin policies via DNS rebinding, allowing cross-origin reads of sensitive API responses.
• Remote exploitation requiring only that the victim visits a malicious webpage, no local network access needed.

This vulnerability can be detected by testing if the ericc-ch copilot-api server accepts arbitrary Host headers without validation and if it exposes sensitive tokens via the /token endpoint.

A practical detection method is to use curl commands to send requests with manipulated Host headers to the server and observe if the token is returned.

• Use curl to send a request with an arbitrary Host header, for example: curl -H "Host: attacker.com" http://localhost:4141/token
• If the server returns the token despite the Host header being manipulated, it indicates the vulnerability is present.

Immediate mitigation steps include:

• Validate the Host header against a whitelist of allowed hostnames to prevent arbitrary Host header acceptance.
• Avoid using wildcard CORS policies; restrict Access-Control-Allow-Origin to trusted origins only.
• Bind the server explicitly to localhost or a specific hostname instead of all network interfaces.