Full Report
Cybersecurity researchers have flagged a new class of CI/CD workflow weakness that allows attackers to hijack workflows and compromise open-source supply chains. The "critical exploitable pattern" has been codenamed Cordyceps by Novee Security. The issue can allow full attacker control of repositories at dozens of the largest organizations worldwide, including Microsoft, Google, Apache, and
Analysis Summary
# Vulnerability: Cordyceps CI/CD Workflow Hijacking
## CVE Details
- **CVE ID**: Not explicitly listed in the provided article (The issue is described as a "class of weakness" rather than a single software bug).
- **CVSS Score**: N/A (Described as "Critical" by researchers).
- **CWE**: CWE-913 (Improper Control of Dynamically Managed Code Resources), CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component - Command Injection).
## Affected Systems
- **Products**: GitHub Repositories (specifically those with high-impact open-source footprints).
- **Versions**: Various (Scanning revealed 300+ vulnerable repositories).
- **Configurations**:
  - Weak CI/CD configurations where privileged workflows are triggered by untrusted Pull Requests (PR).
  - Workflows that allow untrusted data (e.g., PR comments, branch names, or forked PR code) to cross trust boundaries without auditing.
## Vulnerability Description
The codename "Cordyceps" refers to a pattern of CI/CD misconfigurations in which GitHub Actions or similar automated workflows grant excessive permissions to code submitted by unauthenticated external users. The flaw lies in the *composition* of the workflow: an untrusted PR triggers a workflow that has access to secrets (tokens) or administrative permissions. Attackers can leverage this via:
- **Command Injection**: Using crafted branch names or PR comments to execute code on runners.
- **Token Theft**: Accessing non-expiring GitHub App keys or automation tokens.
- **Privilege Escalation**: Forging approvals or gaining write access to the main repository.
## Exploitation
- **Status**: PoC demonstrated by researchers; findings confirmed by Microsoft and Google.
- **Complexity**: Low (Exploitable by any unauthenticated user with a free account).
- **Attack Vector**: Network (Remote).
## Impact
- **Confidentiality**: High (Theft of CI credentials, hard-coded secrets, and source code).
- **Integrity**: High (Attacker can push malicious code, forge PR approvals, and compromise the supply chain).
- **Availability**: Medium (Potential to disrupt build systems or delete repository assets).
## Remediation
### Patches
- **Vendor Specific**: Microsoft, Google, Apache, Cloudflare, and Python (Black) have applied hardening measures to their specific workflows.
- **GitHub Action Hardening**: Update workflow files to restrict `permissions` scopes for `pull_request` events.
### Workarounds
- **Least Privilege**: Configure CI/CD workflows with the minimum necessary permissions (e.g., `contents: read`).
- **Environment Protection**: Use "Required Approval" for all outside contributors before workflows run.
- **Input Validation**: Sanitize all dynamic inputs such as `${{ github.event.pull_request.title }}` or branch names to prevent command injection in shell scripts.
## Detection
- **Indicators of Compromise**:
  - Unexpected outbound network connections from CI runners to unknown IPs.
  - Unusual PR activity, such as comments containing shell commands or suspicious branch naming patterns.
  - Unauthorized use of GitHub App keys or automation tokens outside of normal CI hours.
- **Detection Methods**: Use CI/CD security scanners (e.g., OpenSSF Scorecard, StepSecurity) to audit workflow YAML files for dangerous patterns.
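
The following is an added example, not code from the article or from Novee Security, of the kind of workflow audit described under Input Validation and Detection Methods: a line-based Python check that flags untrusted `${{ }}` expressions inside `run:` scripts, privileged triggers, and a missing top-level `permissions` block. The function name `audit`, the trigger list and both sample workflows are assumptions constructed for illustration, and the check only handles block-style `on:` keys.

```python
import re
# Expressions an outside contributor controls (PR title/body, branch name, comment text).
UNTRUSTED = re.compile(r"\$\{\{\s*(github\.head_ref|github\.event\.(?:pull_request\."
                       r"(?:title|body|head\.ref)|comment\.body|issue\.(?:title|body)))\s*\}\}")
# Triggers assumed here to run with the base repository's token and secrets.
PRIVILEGED = re.compile(r"^\s*(pull_request_target|issue_comment|workflow_run)\s*:")
RUN_KEY = re.compile(r"^(\s*(?:- )?)run:\s*(.*)$")

def audit(workflow_text):
    """Return (line_number, finding) pairs; line 0 means the file as a whole."""
    has_perms = re.search(r"^permissions\s*:", workflow_text, re.M)
    findings, run_col = ([] if has_perms else [(0, "no top-level permissions block")]), None
    for no, line in enumerate(workflow_text.splitlines(), 1):
        trig, key = PRIVILEGED.match(line), RUN_KEY.match(line)
        if trig:
            findings.append((no, "privileged trigger: " + trig.group(1)))
        if key:  # a run script starts; remember the column of the `run` key
            run_col = len(key.group(1))
        elif run_col is not None and line.strip() and len(line) - len(line.lstrip()) <= run_col:
            run_col = None  # dedent to a sibling key or the next step: script ended
        body = "" if run_col is None else (key.group(2) if key else line)
        for expr in UNTRUSTED.finditer(body):
            findings.append((no, "untrusted expression in run script: " + expr.group(1)))
    return findings
# Constructed samples: WEAK interpolates PR data into the shell; HARDENED passes it via env.
WEAK = """\
on:
  pull_request_target:
jobs:
  greet:
    runs-on: ubuntu-latest
    steps:
      - run: |
          echo "PR: ${{ github.event.pull_request.title }}"
          echo "Branch: ${{ github.head_ref }}"
"""
HARDENED = """\
on:
  pull_request:
permissions:
  contents: read
jobs:
  greet:
    runs-on: ubuntu-latest
    steps:
      - env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: echo "PR: $PR_TITLE"
"""
```

In the hardened sample the PR title reaches the script only as the environment variable `PR_TITLE`, so the shell treats it as data rather than as part of the command text.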
## References
- [hXXps://thehackernews[.]com/2026/06/cordyceps-cicd-flaws-expose-300-github.html]
- [hXXps://novee[.]security/blog/cordyceps/]