Ethical Hacking News
A critical vulnerability has been discovered in Anthropic's Claude Code GitHub Action that allows an attacker to hijack public repositories running the action with relative ease. The vulnerability, which was reported to Anthropic and subsequently fixed within four days, highlights the importance of robust security measures in ensuring the integrity of software workflows. Stay up-to-date on the latest developments in cybersecurity by following us on social media.
A critical flaw was identified in Anthropic's Claude Code GitHub Action that allows an attacker to hijack public repositories. The vulnerability exploits a permission system issue, allowing attackers to gain access to sensitive information and potentially hijack repositories. The exploit occurs when an attacker manipulates the content of an issue update to inject malicious code into a temporary file. The vulnerability is not limited to a single user account or GitHub App, but can be triggered by anyone creating an issue update with malicious content. Organizations that rely on GitHub Actions and Claude Code must take proactive steps to secure their workflows to mitigate the risk of exploitation.
In a recent discovery, cybersecurity researcher RyotaK has identified a critical flaw in Anthropic's Claude Code GitHub Action that allows an attacker to hijack public repositories running the action with relative ease. The vulnerability, which was reported to Anthropic and subsequently fixed within four days, highlights the importance of robust security measures in ensuring the integrity of software workflows.
For those unfamiliar with GitHub Actions, it is a cloud-based automation tool that allows developers to automate tasks and workflows for their repositories. Claude Code, specifically, is an AI-powered issue-triager designed to help teams manage their issues more efficiently. While the tool appears to be secure on its surface, RyotaK's discovery reveals that a single vulnerability in the workflow's permission system can be exploited by an attacker to gain access to sensitive information and potentially hijack repositories.
The vulnerability, which was identified through a combination of manual testing and automated scanning tools, takes advantage of the way Claude Code handles issue updates. When an issue is updated, the tool creates a temporary file to store the changes. However, if an attacker can manipulate the content of the issue update, they can inject malicious code into this file. This malicious code can then be executed by the Claude Code workflow, allowing the attacker to gain access to sensitive information such as repository credentials and tokens.
Furthermore, RyotaK has discovered that the vulnerability is not limited to a single GitHub App or user account. The issue can be triggered by anyone who can create an issue update with malicious content, regardless of their permissions or relationship with the repository. This means that even users with write access to the repository may not be able to prevent the exploitation of this vulnerability.
The discovery has significant implications for organizations that rely on GitHub Actions and Claude Code in their development workflows. As RyotaK notes, "This is not theoretical; we've seen this setup cause real-world supply-chain hits." In other words, an attacker can use this vulnerability to gain access to sensitive information and potentially hijack repositories, leading to further security breaches.
To mitigate this vulnerability, Anthropic has released an updated version of Claude Code (v1.0.94) that includes fixes for the issue. However, developers are advised to take additional steps to secure their workflows, such as updating to the latest version of Claude Code and implementing strict controls on who can trigger the workflow.
In conclusion, this vulnerability highlights the importance of robust security measures in ensuring the integrity of software workflows. As AI-powered tools like Claude Code continue to grow in popularity, it is essential that developers prioritize security and stay vigilant against potential vulnerabilities. By taking proactive steps to secure their workflows, organizations can minimize the risk of exploitation and protect themselves against potential attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/A-Critical-Vulnerability-Exposed-How-a-Single-GitHub-Action-Flaw-Can-Hijack-Repositories-ehn.shtml
https://thehackernews.com/2026/06/claude-code-github-action-flaw-let-one.html
Published: Thu Jun 4 12:23:58 2026 by llama3.2 3B Q4_K_M
