tradingkey.logo
tradingkey.logo
Search

Cordyceps flaws let anyone with a free GitHub account hijack CI/CD pipelines at Microsoft, Google, and Apache

CryptopolitanJun 25, 2026 11:32 AM
facebooktwitterlinkedin
View all comments0

Security firm Novee has revealed Cordyceps as a class of exploitable CI/CD vulnerabilities across open-source repositories that allowed attackers to steal credentials, push malicious code, and compromise operations at some of the world’s largest software organizations.

These vulnerabilities have been found across repositories belonging to Microsoft, Google, Apache, Cloudflare, and the Python Software Foundation, which the firms have also claimed to have fixed. 

What is the Cordyceps vulnerability? 

The security firm Novee has uncovered a dangerous new class of vulnerabilities in CI/CD pipelines that it refers to as “Cordyceps.” The name “Cordyceps” comes from a parasitic fungus that takes over its host, as this flaw lets anyone with a free GitHub account take control of popular open-source projects. 

The vulnerabilities were discovered across repositories belonging to Microsoft, Google, Apache, Cloudflare, and the Python Software Foundation. A single scan of 30,000 repositories revealed 300 fully exploitable attack chains. 

Attackers are able to steal credentials, inject malicious code, and compromise software supply chains through these vulnerabilities. The issues have been fixed, but researchers warn that AI coding assistants will keep reproducing them across millions of repositories. 

GitHub Actions workflows handle important tasks like running tests, building software, and publishing releases, but they are often treated as simple configuration files rather than security-critical code. 

The attack chain usually begins when an outsider, which can be anyone with a free GitHub account, submits a pull request or leaves a comment on a public repository. A low-privilege workflow that accepts the outsider’s input as if it were trusted data is then activated.

From there, the output flows into a second workflow that runs with elevated permissions. This second workflow might hold cloud provider authentication tokens, package registry credentials, or signing keys. And at this point, the attacker can either steal non-expiring tokens or permanently compromise the repository. 

According to security researchers, every individual step in these chains can pass a security audit on its own. The vulnerability only appears when someone traces the path of untrusted data across the full sequence of workflow handoffs. 

Which major companies were affected by the vulnerability?

Novee found and reported confirmed vulnerabilities at some of the world’s largest technology organizations. 

Microsoft’s Azure Sentinel, for instance, contained a pull request comment that could trigger attacker code execution on Microsoft’s CI infrastructure and steal a non-expiring GitHub App key. This key would have granted persistent write access to security detection content that Microsoft distributes to customer Sentinel workspaces.

Google’s AI Agent Development Kit repository, with over 9,200 GitHub stars, had a flaw in which a single pull request could let an attacker gain the highest permission level (roles/owner) on the associated Google Cloud project. 

In Apache’s Doris Analytics Database, researchers found two zero-click attack paths. One allowed a comment on any pull request to steal hardcoded CI credentials, while the other let a forked pull request steal a token with full write permissions across code, packages, and pages. 

Cloudflare’s Workers SDK, built around the Wrangler CLI toolchain, was vulnerable to arbitrary command execution triggered by a specially crafted branch name. 

The Python Software Foundation’s Black code formatter, which has over 130 million downloads, had a flaw where any pull request could steal the project’s automation bot token, which could then approve further pull requests.

Novee confirmed to Dark Reading that none of these workflow patterns were exploited before patches were applied. 

Meged recommends that CISOs treat CI/CD workflow files as security-critical code.

If you're reading this, you’re already ahead. Stay there with our newsletter.

Disclaimer: The information provided on this website is for educational and informational purposes only and should not be considered financial or investment advice.

Comments (0)

Click the $ button, enter the symbol, and select to link a stock, ETF, or other ticker.

0/500
Commenting Guidelines
Loading...

Recommended Articles

tradingkey.logo
* References, analysis, and trading strategies are provided by the third-party provider, Trading Central, and the point of view is based on the independent assessment and judgement of the analyst, without considering the investment objectives and financial situation of the investors.
Risk Warning: Our Website and Mobile App provides only general information on certain investment products. Finsights does not provide, and the provision of such information must not be construed as Finsights providing, financial advice or recommendation for any investment product.
Investment products are subject to significant investment risks, including the possible loss of the principal amount invested and may not be suitable for everyone. Past performance of investment products is not indicative of their future performance.
Finsights may allow third party advertisers or affiliates to place or deliver advertisements on our Website or Mobile App or any part thereof and may be compensated by them based on your interaction with the advertisements.
© Copyright: FINSIGHTS MEDIA PTE. LTD. All Rights Reserved.