Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking
Security WeekArchived Jun 24, 2026✓ Full text saved
The security defects allow unauthenticated users to take control of the open source software supply chain. The post Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking appeared first on SecurityWeek .
Full text archived locally
✦ AI Summary· Claude Sonnet
A systemic class of exploitable CI/CD vulnerabilities in the open source software supply chain exposes millions of repositories to takeover, cybersecurity firm Novee warns.
Referred to as Cordyceps, the security defects allow unauthenticated attackers to hijack developer workflows and gain full control over affected repositories.
Agentic coding, Novee says, has resulted in insecure patterns being reproduced across millions of repositories through automatically generated CI/CD workflows.
The flaws, ranging from command injection to authentication logic, artifact poisoning, and privilege escalation, impact build tooling from Microsoft, Google, Apache, Cloudflare, and the Python Software Foundation, with a ripple effect reaching thousands of other organizations.
Any unauthenticated attacker with a free account can exploit these weaknesses to forge approvals, push code, and exfiltrate credentials, without an organization membership or special privileges.
“Once the exploit pattern was identified, 654 repositories were flagged in a single scan, and more than 300 were confirmed fully exploitable – attacker-controlled code execution, credential theft, or outright supply chain compromise,” Novee says.
The vulnerabilities, the cybersecurity firm says, reside in GitHub Actions YAML. Low-privileged workflows can be triggered via untrusted pull requests or comments, with the output ending in high-privilege workflows that authenticate to cloud providers with the maintainer’s permissions.
“These workflows run shell commands, authenticate to cloud providers, hold signing keys, and publish releases, yet they are treated as ‘configuration,’ not as security-critical code. The result: command injection, privilege escalation, and supply-chain compromise hiding in plain sight,” Novee says.
The cybersecurity firm identified the flaws in GitHub Actions .yml files, which are overlooked by traditional security scanners, but underlines that this is not a GitHub-exclusive weakness, and that any workflow management system is susceptible.
“When that same software is then installed by thousands of organizations, one compromised workflow in one repository can ripple outward into banks, cloud accounts, AI labs, and end-user devices,” Novee says.
Webinar Today: Modern Exposure Validation in the AI Era
Cordyceps was confirmed to impact Microsoft’s Azure Sentinel, Google’s AI Agent Development Kit, Apache’s Doris analytics database, Cloudflare’s Workers SDK, and Python Software Foundation’s Black code formatter, impacting all organizations that rely on these repositories.
The exploitation of these vulnerabilities could lead to supply chain compromise (through malicious packages published on NPM, PyPI, Crates.io, Docker/GHCR, and Helm), malicious code pushed to protected branches, forced CI checks, compromised credentials across AWS, GCP, and Netlify, compromised self-hosted runners, and bot impersonation.
“This supply chain vulnerability lies in the foundational open-source plumbing the entire industry runs on, and the kind of issue that hides from scanners because, technically, every individual piece is working as designed. The workflow does what it was told. The vulnerability exists only in the composition – untrusted data crossing a trust boundary that no one audited,” Novee says.
Related: Anthropic’s Mythos Model Found Vulnerabilities in Classified US Government Systems, Official Says
Related: Dragos Unveils AI for OT Security
Related: Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps
Related: FFmpeg PixelSmash Flaw Allows RCE on Video Players, Media Servers, NAS Appliances
WRITTEN BY
Ionut Arghire
Ionut Arghire is an international correspondent for SecurityWeek.
More from Ionut Arghire
FFmpeg PixelSmash Flaw Allows RCE on Video Players, Media Servers, NAS Appliances
OpenAI Refocuses Cybersecurity Efforts on Patching Over Discovery
Russian Initial Access Broker Behind FortiBleed Campaign
Canadian Electricity Provider London Hydro Discloses Data Breach
Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data
North Korean Hackers Blamed for Mastra NPM Supply Chain Attack
Fortinet Responds to FortiBleed Campaign
More Cybersecurity Firms Disclose Impact From Klue Hack
Latest News
Agentic AI Security: Wrong Context, Wrong Decisions at Machine Speed
New ‘Mistic’ RAT Opens Door to Several Ransomware Families
BeyondTrust, LastPass Impacted by Klue-Salesforce Incident
Webinar Today: Modern Exposure Validation in the AI Era
Hackers Exploiting Cisco Unified CM Vulnerability
Anthropic’s Mythos Model Found Vulnerabilities in Classified US Government Systems, Official Says
Dragos Unveils AI for OT Security
Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps
Trending
Webinar: How Modern Breaches Bypass MFA And Evade Detection
June 17, 2026
Today’s attackers are no longer breaking in — they’re logging in. Join this live webinar as we break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification, and access management processes.
Register
Webinar: Modern Exposure Validation In The AI Era
June 24, 2026
AI has accelerated both sides of the fight. Adversaries are weaponizing vulnerabilities faster, while defenders are racing to ship detections and configurations. Join this live webinar as we explore how to prove your controls actually hold against new threats, map your security maturity, and unite breach simulation with automated pentesting into a single, coordinated program.
Register
People on the Move
SolarWinds has appointed Justin Henkel as Chief Information Security Officer.
J. Paul Haynes has joined Cinchy as Chief Executive Officer.
Hatem Naguib has become Chief Executive Officer at Sysdig.
More People On The Move
Expert Insights
What The Latest ShinyHunters Breaches Reveal About Modern Cyberattacks
Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage. (Torsten George)
No Exploits Required
Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures. (Tod Beardsley)
After AI Reaches Production: 12 Ways Security Teams Can Take Control
Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production. (Joshua Goldfarb)
Everybody Is Vibe Coding But Nobody Told The Security Team
AI-driven development is not something organizations can or should block. But it must be governed. (Danelle Au)
The Zero-Knowledge Threat Actor And The End Of Responsible Disclosure
AI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code. (Etay Maor)
Flipboard
Reddit
Whatsapp
Email