Ethical Hacking News
A critical vulnerability in CI/CD workflow configurations has been discovered, allowing attackers to hijack workflows and compromise open-source supply chains. Experts warn that this vulnerability could have severe downstream impacts and emphasize the need for organizations to take immediate action to patch these vulnerabilities.
* Cordyceps vulnerability allows attackers to hijack workflows and compromise open-source supply chains with unprecedented ease.
* The vulnerability is exploitable by any unauthenticated user, regardless of their organizational affiliation.
* Over 300 fully exploitable repositories have been identified, which can be manipulated and controlled by attackers to execute malicious code or steal sensitive information.
* The vulnerability arises from weak CI/CD configurations that grant pull requests more permissions than they should have.
* Attackers have exploited this vulnerability in multiple cases, including Microsoft Azure Sentinel, Google's AI Agent Development Kit, Apache Doris, Cloudflare Workers SDK, and Python Software Foundation's Black.
* The impact of this vulnerability is profound and far-reaching, with attackers able to silently manipulate workflows using "agentic coding".
Threat Intelligence Experts Warn of Severe Vulnerability in Open-Source Software Supply Chains
The discovery of a critical exploitable pattern in CI/CD workflow configurations has raised alarm bells among cybersecurity experts and researchers. Dubbed "Cordyceps" by Novee Security, this vulnerability allows attackers to hijack workflows and compromise open-source supply chains with unprecedented ease.
According to Elad Meged, founding engineer and security researcher at Novee Security, the flaw is exploitable by any unauthenticated user, regardless of their organizational affiliation. "No org membership or special privileges; a free account is enough to forge approvals, push code, or steal credentials," he explained in a recent statement.
The impact of this vulnerability extends far beyond individual organizations. A scan of approximately 30,000 high-impact repositories conducted by Novee Security has revealed over 300 fully exploitable repositories, which can be manipulated and controlled by attackers to execute malicious code, steal sensitive information, or disrupt the entire supply chain.
At its core, the Cordyceps vulnerability arises from weak CI/CD configurations that grant pull requests (PRs) more permissions than they should have. PRs are proposals to merge code changes from one branch into the main project; when an untrusted PR triggers privileged workflows, it can open the door to command injection, privilege escalation, and supply chain compromise.
"This supply chain vulnerability lies in the foundational open-source plumbing the entire industry runs on, and the kind of issue that hides from scanners because, technically, every individual piece is working as designed," Novee explained. "The workflow does what it was told. The vulnerability exists only in the composition – untrusted data crossing a trust boundary that no one audited."
Researchers have discovered several specific examples of how Cordyceps has been exploited by attackers, including:
* On Microsoft's Azure Sentinel, a comment on a PR allowed anonymous attacker code to run on Microsoft's CI and steal a non-expiring GitHub App key.
* In the case of Google's AI Agent Development Kit ("adk-samples"), a PR could execute attacker code on Google's CI to gain complete authority over a Google Cloud repository.
Other notable cases include:
* Apache Doris, where two zero-click attacks cause a single comment on any PR or a forked PR to run attacker code and exfiltrate hard-coded CI credentials or a token with full write permissions.
* The Cloudflare Workers SDK, where a PR with a crafted branch name can execute arbitrary commands on Cloudflare's CI runners.
* Python Software Foundation's Black, where a single pull request from anyone could execute attacker code on Black's build systems and steal the automation token, which can then be used to approve pull requests.
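For defenders auditing their own repositories, the sketch below is an added example (not Novee Security's scanner and not code from any project named above) that flags the two compositions described in this article in a GitHub Actions workflow file: PR-controlled text interpolated into a `run:` shell step, and PR-controlled code checked out by a privileged job. The article does not list the exact triggers or expression contexts involved; the names used here (`pull_request_target`, `issue_comment`, `workflow_run`, `github.head_ref` and the `github.event.*` fields) are real GitHub Actions identifiers chosen as an assumption, and both sample workflows are constructed.

```python
import re

# Triggers that run with the base repo's token and secrets for outside events.
TRIGGER = re.compile(
    r"^(?:on:.*?|[ \t]+)(pull_request_target|issue_comment|workflow_run)\b", re.M)
# Expression contexts whose value the PR author or commenter chooses.
UNTRUSTED = re.compile(
    r"\$\{\{[^}]*\bgithub\.(?:head_ref|event\.(?:comment\.body|issue\.(?:title|body)"
    r"|pull_request\.(?:title|body|head\.(?:ref|sha|label))))\b")

def audit(workflow):
    """Return (line_no, finding) tuples for one workflow file's text."""
    privileged = bool(TRIGGER.search(workflow))
    findings, run_col = [], None
    for no, line in enumerate(workflow.splitlines(), 1):
        indent = len(line) - len(line.lstrip())
        if re.match(r"\s*(?:-\s*)?run:", line):
            run_col = line.index("run:")      # column of the run: key
        elif line.strip() and run_col is not None and indent <= run_col:
            run_col = None                    # left the run: block
        if run_col is not None and UNTRUSTED.search(line):
            findings.append((no, "script-injection"))
        if privileged and re.match(r"\s*ref:", line) and UNTRUSTED.search(line):
            findings.append((no, "privileged-checkout"))
    return findings

# Constructed sample: PR-controlled code and text reach a privileged job.
WEAK = """\
on: pull_request_target
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: |
          echo "Building ${{ github.head_ref }}"
"""
# Constructed sample: unprivileged trigger, branch name passed as data via env.
HARDENED = """\
on: [pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - env:
          BRANCH: ${{ github.head_ref }}
        run: echo "Building $BRANCH"
"""
```

This is a line-based heuristic for triage, not a YAML parser; each finding still needs a manual check of what token permissions and secrets the flagged job receives.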
Following responsible disclosure, both Microsoft and Google confirmed impact. Cloudflare, Python, and Apache have applied hardening and patches, respectively. Meanwhile, Novee Security emphasizes that these CI/CD vulnerabilities are persistent at scale, with "agentic coding" allowing attackers to exploit them repeatedly and silently manipulate workflows.
"The nature of agentic coding means these CI/CD vulnerabilities are reproduced persistently, at scale, 'infecting' repositories at an exponential rate," Meged said. "Because anonymous users can use them to gain control over the software supply chain, we like to think of it as 'puppeteering' the repositories of some of the world's biggest companies, silently manipulating their workflows."
The implications of this vulnerability are profound and far-reaching. As cybersecurity expert Elad Meged noted, "These CI/CD vulnerabilities are reproduced persistently, at scale... Because anonymous users can use them to gain control over the software supply chain, we like to think of it as 'puppeteering' the repositories of some of the world's biggest companies, silently manipulating their workflows."
Threat Intelligence experts and cybersecurity researchers urge organizations to take immediate action to patch these vulnerabilities and strengthen their CI/CD configurations.
Published: Wed Jun 24 09:53:02 2026 by llama3.2 3B Q4_K_M